When it comes to sensitive information, fines, penalties, organizational reputation and more, the HITECH Act has changed everything.
From the smallest dental and medical offices to the largest hospitals, all covered entities and business associates must be in compliance now.
Compliance is only part of the problem. There are 4 main challenges of the HITECH Act:
Unlike HIPAA enforcement in the old days, HITECH enforcement will be strong and expensive.
And This Is Just The Beginning!
The Health and Human Services Office of Civil Rights has requested an additional $5.6 million in funding, with 76% of these funds going to increased enforcement of the HITECH Act.
And if this wasn’t enough, under the HITECH Act, Attorneys General are now authorized to join in the enforcement effort.
Worse, direct fines and out-of-pocket costs do not account for the future revenue lost by angry clients who choose alternate providers because they no longer trust you.
Health Net was the first case brought by an Attorney General. With budgets tighter than ever, all 50 states are motivated to enforce this new law. Happy to oblige, the federal government began conducting regular trainings specifically for Attorneys General in April, 2011.
The increased enforcement, both civil and criminal, is being applied at all levels – from large hospitals to small practices and organizations, even to the individual employee.
The HITECH Act significantly raises the bar for health information privacy and security. Previously, the liability a health care organization faced for the breach of any given provision generally couldn’t exceed $25,000. Today, that same breach can cost an organization up to $1.5 million in fines.
The smallest medical and dental offices have thousands, even tens of thousands, of medical records in their care. Because of the new laws, losing information either in electronic or paper form constitutes a breach.
Organizations need to be proactive about this new legislation in order to minimize the unprecedented risk and liability.
The biggest challenge most organizations are struggling with is the complexity of the problem.
Under the new legislation, if you have a breach of any size (even just ONE record), you have multiple reporting and notification requirements.
Worse, if non-encrypted information of 500 or more patients is breached or lost, you ALSO must notify prominent local media outlets AND the government will post your data breach on a public website.
In addition, you face the likelihood of federal investigations, HIPAA/HITECH audits, state Attorney General involvement, and significant loss of patient trust.
When law enforcement or the media discovers an unreported breach, the fines are much higher and the loss of public trust much greater. Health Net, for example, waited six months before notifying consumers or law enforcement, which concerned the Attorney General and exacerbated the problem.
This is not just an IT issue. In fact, it is more of a business process issue that affects your entire organization.
Compliance requires the right policies, procedures, incident response plans, employee training, business associate agreements, record keeping, risk assessments and more. Everything has to be in place, documented, and updated on a regular basis.
HITECHMADESIMPLE.com is your easy, comprehensive source providing all the various assessments, templates, and trainings you need.
First, you will have access to video trainings you can use to train yourself and your staff anytime – even as you hire new employees throughout the year.
This training is designed to provide the employer, physician, or administrator with a detailed overview of the HITECH Act including enforcement and accounting provisions, PHI identifiers, deadlines, breaches and breach notification requirements, changes to business associates, marketing, fund raising, and action items.
Designed for the employer, physician, or administrator, this training discusses the financial incentives set forth by the new legislation, including a discussion on meaningful use, eligibility, differences in Medicare and Medicaid providers, the attestation process, the path to getting paid, and much more.
This training discusses the elements of the HITECH Act that every employee of a covered entity or business associate must understand such as PHI, fines, penalties, enforcement, notification requirements, and more.
The costs of a breach are high, whether the information stolen was in electronic or paper form. The HITECH Act increases these costs significantly, through such aspects as patient notification, federal notification, reputation, legal liability, operational cost, fines, fees, penalties, monitoring, and much more.
There are many reasons why breaches occur – the most common being employee error. This training will discuss these myriad factors and many practical steps that can be taken at every level to reduce this risk.
This training reviews real-life examples of how identity theft occurs as well as many practical steps to prevent the employee or the patient from becoming a victim of the #1 crime in America.
Contrary to popular belief, identity theft is not just about your credit report.
All video trainings have been specifically designed to help change how your staff thinks about handling sensitive data. When your staff thinks differently, they will behave differently, which reduces your risk and liability.
Certificate of Completion
To help document your training and compliance efforts, a Certificate of Completion is provided which we encourage you to keep on file after each of your staff have completed the modules.
Risk Assessment
You will receive a comprehensive Risk Assessment. HIPAA requires a Risk Assessment, and ours provides you with over 84 questions covering administrative, physical, and technical aspects to help you reduce your risk as comprehensively as possible.
Data Map Template
Also included is a Data Map Template. In order to accurately protect your data, you first need to know where your data actually rests, how it moves, how it is used, and how it is protected in each of those states. This template will provide you with the roadmap to do this.
Business Associate Agreement
Another aspect of the new HITECH legislation is the change to Business Associates. To accommodate this, an updated Business Associate Agreement template is also included.
Data Breach Resources
Now despite the best laid plans, when a data breach occurs, you need to be ready.
Who will handle the media? Who will be part of your response team? Who needs to be notified? What are the deadlines?
To answer these questions and many others, you will also receive our Incident Response Plan, Breach Response Toolkit, Notification Letter, and Harm Threshold Assessment. These resources are provided to you in fully editable format and are critical in establishing your breach response.
We ease the anxiety caused by a data breach by giving you access to our team of affiliate partners, including the nation’s leading breach restoration and consulting firm, for a Free Consultation.
The HITECH Act is significant legislation, and changes or updates are occurring regularly. Your membership provides you with 12 months of free updates about changes in legislation, breach prevention tips, power points, videos, related articles, and much more.
HITECHMADESIMPLE.COM is a simple, affordable solution for your whole organization – with the resources your organization needs to be ready for the HITECH Act and the risks related to protected information.
For a limited time, with your purchase of HITECH Made Simple, you will also receive for FREE our Social Media Policy and Social Networking Training Video and our Social Media Policy! A $97 value absolutely FREE.
Social media sites such as Facebook and MySpace offer both an opportunity and threat to medical and dental offices. Employee misuse of these sites can cause HITECH violations. This training discusses these in detail with practical steps to reduce both organizational AND PERSONAL risks.
Bonus Employer Resource – Social Media Policy
Simply restricting access to social media sites from workplace computers is not an adequate or effective policy, and may actually increase your vulnerability. This document provides you with an editable template policy to better manage this new frontier for your organization.
We have worked hard to develop the resources your organization needs to be ready for the HITECH Act and the risks related to protected information. We know you will find HITECHMADESIMPLE.COM your complete solution.