About the HITECH Act
The vast majority of breaches on the HHS.gov website are due to theft of a laptop or desktop computer that does not have an encrypted hard drive.
If the stolen desktop or laptop has an encrypted disk, the "safe harbor" provision of the HITECH Act says that the theft does not have to be reported to HHS!
Today, disk encryption is an inexpensive way to avoid the more onerous and punitive parts of HITECH. With the help of UIA consultation services, you won’t have to worry about which machines contain PHI -- if they are encrypted, they are safe.
New Teeth in HIPAA ... and how to avoid them
If you haven’t yet heard of the new HITECH Act, you soon will. HITECH stands for Health Information Technology for Economic and Clinical Health and it is part of the ARRA (American Recovery and Reinvestment Act).
There are several new rules that carry heavy penalties and grant broad powers of enforcement to courts.
Example: Not reporting a stolen computer which contains PHI is now a criminal act. The good news is that there are reasonable ways to avoid the new fines and penalties.
One of the most significant rules is that you are responsible for personal health information (PHI) even after it leaves your control.
For example, if your organization sends personal health information such as patient medical records to a lab and that lab loses a laptop to theft or carelessness, then you are just as liable as the lab for the PHI breach under HITECH. The breach must be reported to HHS and to the local media, and failure to do so will result in heavy fines.
This is why we at UIA are such advocates of encryption and implementing concise documentation of policies and procedures. We have a packaged solution that offers a common sense approach which is both inexpensive and easy to maintain. Call for details.