Implications of HIPAA and HITECH Non-Compliance
A core element of IT security is the effective management of regulatory compliance requirements. Today, IT security compliance programs such as HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act) and Sarbanes-Oxley have become diverse. As a result, organizations are aiming for a complete compliance structure that is both effective and cost-efficient.
If you are a medium or large medical provider, a hospital, a health clearinghouse, a provider of health care solutions, or a clinical research organization, and you handle protected health information (PHI) directly or indirectly through an intermediary, then under HIPAA/HITECH regulations you are a “Business Associate” or a “Covered Entity”. In that case, your institution is required to attain and maintain IT security and compliance according to the standards set by HIPAA and HITECH.
Healthcare providers and Business Associates are required to comply with HIPAA and HITECH policies. HIPAA was enacted with the following objectives in mind:
To improve the continuity and portability of health insurance coverage
To facilitate the exchange of electronic data
To reduce costs through improved efficiency, effectiveness and standardization
To ensure that every personal health record is kept private and secure
HITECH, the Health Information Technology for Economic and Clinical Health Act, was enacted in 2009 and made several important modifications to HIPAA. HITECH provides incentives for the use of health records and imposes strict breach notification standards. Furthermore, it tightens enforcement, increases penalties and changes the responsibilities and liabilities of Business Associates. In addition, HITECH redefines a security breach as an “unauthorized acquisition, access, use, or disclosure of protected health information, which compromises the security or privacy of protected health information—except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information”.
To meet these compliance and security requirements, organizations need to deploy appropriate controls to prevent unauthorized access to, and leakage of, critical patient information. Hence, efficient compliance management solutions are needed that offer complete security management, improve compliance processes and provide guidance on medical activities. An innovative automated HIPAA compliance management solution:
Provides ongoing security and compliance with real-time monitoring
Harmonizes multiple regulations
Includes “ready-to-use” packaged content, regulations, assessment questions and best practices, with the capacity to customize quickly
Can be customized according to business requirements
Provides extensive reports, i.e. compliance and risk reports on demand
Offers a single, centralized repository for all compliance-related evidence
Is easy to use and implement
Supports both HIPAA and HITECH regulations
Complies with the requirements for Covered Entities (CEs) and Business Associates (BAs)
According to Forrester research, compliance of all types has become a crucial component of data security. Approximately 90 percent of the enterprises surveyed by Forrester agreed that data privacy policies, data security regulations and data breach policies are essential aspects of IT security and compliance programs.
Today's HIPAA compliance management solutions comprise the security and IT-GRC functions needed to remain compliant. Furthermore, they come with an “easy to adopt” compliance management framework built on “ready to use” frameworks, along with innovative context-based inference engines, high-end alert processing, and monitoring and logging solutions.