08/31/2010
HITECH and HIPAA Privacy Security Rules
Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules
Executive Summary
NACHA — The Electronic Payments Association, in cooperation with the Electronic Healthcare Network Accreditation Commission (EHNAC), HIMSS Medical Banking Project, and the Workgroup for Electronic Data Interchange (WEDI), recently released a white paper, “Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules.” The document provides guidelines to help financial institutions address inherent compliance challenges of the HITECH Act and HIPAA.
Background
The passage of the HITECH Act directly affects financial institutions and their services for the healthcare sector. HITECH modifies and amplifies the existing data privacy and security rules for protected healthcare information under HIPAA. There are new breach reporting requirements and tougher penalties. Financial institutions that deliver services to the healthcare sector (payers such as insurance companies, or healthcare providers such as doctors, hospitals and pharmacies) may find they must meet HIPAA data privacy and security measures. This white paper addresses those issues by helping financial institutions determine whether the rules apply to them and develop and implement a compliance program.
Although each financial institution will need to determine its own eligibility, this white paper covers applicable regulations and implications for financial institutions, in addition to the areas noted below:
- HIPAA eligibility and status
- Infrastructure
- Risk analysis
- Risk audit
- Technology systems
- Communications plan
- Workforce training
- Compliance tool sets from independent third parties
More information on this white paper and additional healthcare resources can be found on NACHA’s Healthcare Payments Resources Page at www.nacha.org/c/HealthcarePaymentsResources.cfm