Comply with HITECH and Secure Electronic Protected Health Information (ePHI)

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, part of the American Recovery and Reinvestment Act (ARRA), advances the electronic exchange of large amounts of health information and expands the reach of the HIPAA data privacy and security requirements to ensure the security of ePHI. The HIPAA Security Rule covers health plans, healthcare clearinghouses and healthcare providers. As of February 17, 2010, under the HITECH Act, business associates are also required to comply with the Security Rule requirements. HITECH establishes mandatory federal security breach reporting requirements, along with expanded criminal and civil penalties for non-compliance.


HITECH Breach Notification Requirements

The HITECH Act requires that covered entities and business associates disclose breaches of "unsecured PHI," which is defined as "protected health information that is not secured through the use of a technology or methodology specified by the Secretary in guidance."

The U.S. Department of Health and Human Services guidance states that "encryption and destruction [are] the two technologies and methodologies for rendering protected health information unusable, unreadable, or indecipherable to unauthorized individuals." In addition, it states that "we do not believe that access controls meet the statutory standard of rendering protected health information unusable, unreadable, or indecipherable to unauthorized individuals."

While 98 percent of survey respondents have a policy in place to limit the disclosure of Protected Health Information (PHI), only 52 percent employ encryption technologies to render data unreadable or unusable in the case of unauthorized access. [1]


Overview

Lumension Helps Covered Entities and Business Associates Secure ePHI and Ensure HITECH Compliance

Endpoint management and security software from Lumension helps covered entities and their business associates achieve HITECH compliance and secure confidential electronic medical records. These products include:

  • Lumension® Risk Manager - Comprehensive IT-GRC software that streamlines and automates audit workflows and IT risk management, providing crucial visibility and continuous monitoring across the IT environment to ensure compliance with HITECH as well as HIPAA and other pertinent regulations (e.g. PCI, state privacy regulations), mandates, and internal policies.
  • Lumension® Device Control - Policy-based enforcement of removable device use and data encryption to ensure the security of ePHI.
  • Lumension® Device Control for Microsoft® System Center – Protect ePHI with award-winning device / port control and data encryption in your SCCM environment – without requiring new infrastructure and without additional administration overhead.

Financial Impact of HITECH Non-Compliance

Only 40 percent of survey respondents report that there is clear and broad awareness of the new civil and criminal penalties under the ARRA.

Civil penalty tiers under HITECH (amounts in U.S. dollars):

Violation category—Section 1176(a)(1)       Each violation     All such violations of an identical provision in a calendar year
(B) Reasonable Cause                        1,000–50,000       1,500,000
(C)(i) Willful Neglect—Corrected            10,000–50,000      1,500,000
(C)(ii) Willful Neglect—Not Corrected       50,000             1,500,000


Source:
  1. Computer Sciences’ (CSC) Healthcare Group, 2010