HIPAA, HITECH and Privacy for Health Care Providers
Compliance and guidance for protected health information
Buttaci Leardi & Werner, LLC often counsels clients regarding HIPAA, the Health Insurance Portability and Accountability Act. We assist our clients with the wide array of issues involved in complying with security and privacy requirements for protected health information (PHI), whether under HIPAA or similar state laws. In addition, health care providers in New Jersey, New York and across the country turn to us for aid in implementing the changes and additions to HIPAA required by the Health Information Technology for Economic and Clinical Health Act (HITECH), which substantially altered the reporting requirements of privacy and security rules under HIPAA.
HIPAA affects every part of your health care practice
Under HIPAA, health care providers are required to protect the privacy and ensure the security of the patient PHI that they maintain and transmit. Under HITECH, these privacy and security regulations extend to “business associates”: lawyers, accountants, billing companies and many other service providers who have access to PHI. Both the states and the federal government are increasing their enforcement of privacy and security requirements, including audits, hefty monetary penalties, mandates and requirements, and other punishments for those who fail to comply with HIPAA.
At Buttaci Leardi & Werner, we can help you avoid the risks and liabilities of noncompliance. We develop compliance programs that address numerous issues practitioners and health care entities face, including:
- Determining who qualifies as “covered entities” and “business associates” under the HIPAA rules
- Reviewing business associate agreements and your relationships
- Reviewing and analyzing the use and release of PHI and electronic PHI (EPHI)
- Drafting and implementing policies and documentation for full compliance
- Examining any state law conflicts or preemption
- Training employees, contractors and business associates on privacy and safety
- Implementing health information technology (HIT) to protect your practice
Specific changes due to HITECH
Beyond the requirements and amendments to the HIPAA privacy and security rules, the HITECH Act introduced new requirements for providers and health care entities. These changes significantly expanded the previous requirements of HIPAA, including:
- Requiring notification of data breaches involving PHI or EPHI by covered entities or business associates
- Mandating that disclosures of patient PHI be logged and accounted for if the provider or entity uses electronic health records
- Requiring that, in non-treatment situations where PHI must be disclosed, only the minimum necessary be disclosed
- Increasing the penalties for noncompliance, expanding penalties to business associates and permitting state attorneys general to bring cases against practitioners and health care providers
Contact us for more information
Contact Buttaci Leardi & Werner, LLC for counsel regarding HIPAA, HITECH and PHI compliance online or call us at 609.297.5942.