The Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law in February 2009, includes new privacy requirements that experts have called "the biggest change to the health care privacy and security environment since the original HIPAA privacy rule."*Deven McGraw and Kirk J. Nahra. "Healthcare Privacy and the New Federal Stimulus Package: Understanding the Requirements." Presentation to the International Association of Privacy Professionals. March 5, 2009. These include:
- A wider definition of what Protected Health Information (PHI) must be protected
- Wider accountability that extends from healthcare providers and payors to their business associates
- Lower thresholds, shorter timelines, and stronger methods for data breach victim notification
- Higher and sometimes mandatory penalties for non-compliance, with fines as high as $1.5 million
- More aggressive enforcement including authority to pursue criminal cases against HIPAA-covered entities (CEs), employees of CEs or their business associates
With HITECH raising the stakes and breach threats mounting, it pays to take a proactive approach to compliance and breach prevention, as well as comprehensive plans for data breach incident risk assessment, notification and patient protection services.
ID Experts® Breach Solutions for Healthcare start with prevention and preparedness, and then can assist in every step of the data breach response lifecycle including notification, patient protection and regulatory compliance.
We start with identifing your HITECH-imposed privacy obligations and data breach risks, then manage these risks to protect your organization from data breaches, stiff regulatory penalties, and the administrative burdens associated with the HITECH Act. Our expert team takes a comprehensive approach to breach prevention, including:
- Developing an accurate inventory of the PII/PHI data that you hold
- Conducting an in-depth assessment of PII/PHI data breach risks throughout your organization
- Making detailed recommendations for compliance with the HITECH act and other state and industry regulations that pertain to your business
- Creating a ready-to-execute Incident Response Plan to minimize damages, penalties and costs in case of a data breach
- Providing turnkey breach response services such as notification and remediation, tailored to your organization and customers
When an identity breach incident occurs, we help you in conducting the mandated risk assessment and then implementing the incident response plan. ID Experts can handle every element of data breach response for you, including:
- Notifying patients consistent with state and federal laws, as well as notifying HHS (as mandated by HITECH) and state Attorneys General
- Communicating with patients and providing detailed advice by specially training telephone staff and an information-rich website
- Enrolling affected individuals in a selected identity theft monitoring and protection solution
- Providing patients with our proprietary Healthcare Identity Protection Toolkit™ to address specific issues associated with medical identity theft, and
- In cases of identity theft, giving patients fully-managed services for restoring them to pre-theft status and "making them whole" again.
Our comprehensive data breach response services are unmatched for flexibility, risk reduction and compliance at a cost that is significantly less than the average or handling the incident internally.
Download more information on ID Experts Breach Prevent for Healthcare or learn more about our Breach Respond services for data breach risk assessment, HITECH compliance, notification, patient monitoring and protection, communications and identity theft restoration.