The Medical Banking Boot Camp on Feb. 28, for instance, will cover, among other issues, the new health care privacy and security issues facing financial institutions following enactment of the HITECH Act. "The regulatory framework for security in health care has changed fundamentally," contends Richard Marks, an attorney and visiting lecturer in the Media Studies Department at the University of Virginia.
Under HITECH, the HIPAA privacy and security rules were strengthened, with business associates now required to comply as if they were covered entities. Breach notification rules also require business associates to report breaches of protected health information to affected covered entities.
Banks have been part of the system for clearing health care payment transactions for a long time, Marks notes. But until now, they've been under a different privacy/security regulatory environment-namely, provisions of the Gramm-Leach-Bliley Act. "Now, we have a statutory framework that requires enforcement of HITECH and Gramm-Leach-Bliley all at the same time," he adds. So banks have to understand the relationship between the two laws.
During the educational session, "Privacy and Security Issues and Updates" at the banking boot camp, Marks and Mary Rita Hyland, vice president of government relations at The SSI Group Inc., Mobile, Ala., will lay out the new regulatory environment.
Banks have to understand how health and financial regulatory agencies will get together and enforce both laws in a coordinated manner, Marks says. Absent coordination, "then there's going to be a great deal of confusion, litigation and liability, and a whole lot of angst and waste."
They'll also discuss that for banks, there now is a fundamental change in risk management that they must understand and reflect in operating policies. "Security is no longer left to information technology folks but will permeate throughout everyone in the health care industry and the banks are no exception," Marks says. "It will percolate up to and include CEOs and boards of directors." That's because individuals, not just organizations, face criminal and civil liabilities.
"Banks that are well-advised will be ready for the new environment," Marks notes. "The worry is, with everything else, people only learn the hard way."
More information on the Medical Banking Boot Camp is available at http://himssconference.org/education/MedBootCamp.aspx.
--Joseph Goedert
Be the first to comment on this post using the section below.