HITECH / HITRUST

HITECH

Several provisions of 2009’s Health Information Technology for Economic and Clinical Health Act (HITECH) strengthen civil and criminal enforcement of the HIPAA rules that address privacy and security in the electronic transmission of health information. The law divides violations into four categories based on increasing levels of culpability. Penalties increase accordingly, with a maximum penalty of $1.5 million for all violations of an identical provision.

Violators can no longer rely on the claim that they did not know of a violation and would not have known of it even with reasonable due diligence; such violations are punishable at the lowest penalty tier. However, HITECH provides for a prohibition on imposing penalties for any violation corrected within 30 days, provided the violation was not due to willful neglect.

HITRUST

The Health Information Trust Alliance (HITRUST) established the most widely used, certifiable Common Security Framework (CSF) in the healthcare industry. The framework incorporates controls and supporting requirements, which identify how organizations that create, access, store or exchange personal health information and financial information can meet the alliance’s objectives.

The framework is designed to ease the burden healthcare organizations face in complying with federal and state regulations, and to help them develop a security program based on international and domestic standards of practice for information security.

LBMC Security Services is among a select group of organizations that have met HITRUST’s high standards and is an approved HITRUST CSF Assessor.