HHS Posts Website for HITECH Act Breaches

Courtesy of Infinisource.net

Tuesday, March 02, 2010

 The Department of Health and Human Services launched its website for publicizing breaches of unsecured protected health information (PHI) in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act.

 The HITECH Act requires all HIPAA covered entities to report breaches of unsecured PHI to affected individuals. In cases where the breach involves 500 or more individuals, it must be reported to HHS immediately after the breach occurs. Covered entities must report breaches involving fewer than 500 individuals to HHS on an annual basis. HHS had delayed enforcement of the HITECH Act notification requirements until February 22, 2010.

 A review of the initial posting reveals several interesting facts:

 

  • All told, 38 breaches affecting 500 or more individuals were reported.
  • The most common breach was theft of a laptop or desktop computer or a portable electronic device.
  • The breaches spanned 17 states and the District of Columbia.
  • Covered entities included doctors’ offices, hospitals, insurance carriers, private employers and even a few governmental agencies.
  • Only seven of the breaches involved business associates.
  • The largest breach occurred with Blue Cross Blue Shield of Tennessee, where about 500,000 individuals were affected by the theft of some hard drives.
  • Perhaps the most unusual breach involved a New York covered entity that reported the incorrect mailing of some 83,000 postcards that apparently contained PHI.

 Infinisource has already put in place policies and procedures to comply with the HITECH Act. For our many clients, we revised the HIPAA Confidentiality Appendix to address the HITECH Act. Clients can view a Source article that was sent out late last year for more information.

 In addition, Infinisource has updated our HIPAA Privacy and Security product called HIPAA Solved to include the HITECH Act. As of February 17, 2010, business associates needed to comply with many of the privacy and security requirements because of the HITECH Act.

 
 
