The HITECH Act and the HIPAA Breach Notification Rule

Federal law requires health care professionals and businesses to protect identifiable health information through the Health Insurance Portability and Accountability Act (HIPAA). Violations of these regulations carry hefty fines.

Federal law requires health care professionals and businesses to protect identifiable health information through the Health Insurance Portability and Accountability Act (HIPAA). Congress passed HIPAA in 1996 to organize and simplify the law on privacy, security, and electronic transactions of health information. In 2009, Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act to address breach notification procedures and expand HIPAA’s privacy and security reach. 

What is the HIPAA HITECH Act?

The HITECH Act expanded HIPAA privacy and security regulations, including the creation of regular, periodic audits of health care entities. It trained state executive agencies on legal actions to enforce HIPAA, and it standardized the compliance requirements and penalties for covered entities and business associates alike. It also expanded the disclosure process and gave patients more control over the use of their protected health information (PHI).

What Is Considered a Breach?

The HIPAA Breach Notification Rule requires covered entities to report HIPAA violations and data breaches to the individuals whose information was breached as well as the government agencies responsible for oversight. In addition, the HIPAA Breach Notification Rule requires entities to make breaches public in certain circumstances.

A breach is “an impermissible use or disclosure under the HIPAA Privacy Rule that compromises the security or privacy of the protected health information.” It occurs when there is significant risk of harm, whether financial or otherwise, to an individual. The elements used to make this determination include:

  • The recipient of the information and whether the protected information was actually viewed or used;
  • The immediate and long-term steps taken to reduce the impact of the harm; 
  • The possibility of correcting the breach or returning information; and 
  • The amount, type and identifiers of the information that was disclosed, including the likelihood of reidentification.

What Disclosures Are Required Under the HIPAA Breach Notification Rule?

A breach notification must be provided to the individual within 60 days of the discovery of the breach, and breach reporting must include the following specifics:

  • A description of the breach;
  • A description of the kind of information disclosed;
  • Next steps for affected individuals in order to protect themselves from potential harm;
  • A description of the current investigation into the breach, efforts to mitigate the harm, and efforts to prevent additional breaches; and
  • Contact information for the entity.

The breach must be made public if there are more than ten affected individuals with insufficient or outdated contact information. The entity must publish the breach in a prominent media outlet within 60 days if more than 500 individuals are involved.

What Can Perla Do for My Health Care Business?

Perla allows you to immediately connect with HIPAA lawyers, and it is free to search for and contact attorneys using Perla.

Everyone needs legal help to get through tough times and prepare for the future. Don’t wait for days to get a referral from a friend or get stuck with the wrong attorney for lack of options. Instantly connect with a growing number of healthcare lawyers to add to your team.  And, sleep well knowing your healthcare lawyer will fight for the best possible outcomes for you or your business.  

HIPAA lawyers can assess your business’s compliance with HIPAA’s privacy, security, and breach notification requirements. Whether as a preventative measure or as a response to an ongoing investigation by HHS, HIPAA lawyers know how to assess, reduce, and control HIPAA risks. A HIPAA lawyer can give you the tools you need, such as a risk management plan, mitigation procedures, HIPAA policies and procedures, evaluation and training materials, and best practices regarding the access, storage, and termination of PHI to assist you in managing the constantly changing HIPAA requirements.

HIPAA lawyers and healthcare attorneys can also defend you in investigations for breach notification and HITECH Act violations before state agencies, such as the State Health Professional Boards, or in federal investigations, such as before the Office of Civil Rights.

How to Find A Healthcare Attorney

You need a healthcare attorney who is geared toward your line of work and industry. Because of the complex nature of health laws, healthcare attorneys specialize in different niches, and an attorney who specializes in federal payer reimbursement does not necessarily understand privacy compliance or HIPAA breaches at long-term care facilities!

So, it is difficult to actually find a healthcare attorney that provides the exact services that you require in the type of practice that you have. In fact, you should consider using the Perla platform and services which will allow you and your healthcare business to find qualified experts and advisors with experience and knowledge in the healthcare industry, such as a healthcare attorney. 

Perla is a private networking platform that connects healthcare professionals and entities directly with expert advisors and consultants with experience in the healthcare industry. Get started in your FREE search today by visiting our website to find a trusted advisor with experience in the healthcare industry!
