Financial institutions that transmit or modify protected health information for covered entities, or store or archive PHI now are covered under the HITECH Act’s strengthened provisions of the HIPAA privacy and security rule.

Many of these institutions are not aware of their increased regulatory responsibilities and new guidelines are available to walk them through the compliance. “This is all about managing risk and to minimize the prospects of a beach,” said Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission. The public relations impact of a breach questions the respect for an organization, he added. Barrett spoke during the Medical Banking Boot Camp at HIMSS11 in Orlando.

Among other issues, the guidelines identify the key players in organizations who need to be part of a financial organization’s compliance activities, and their responsibilities. These players include chief compliance officer/corporate sponsor, HIPAA privacy/security officer, business unit managers/HIPAA liaisons, the legal department, and marketing/product development.

Almost all of these key players also should be part of an organization’s HIPAA incident response team, Barrett said. Marketing could be exempted, but should be brought in if a breach occurs.

The guidelines are available at http://www.mbproject.org/arc_goldseal.php.

--Joseph Goedert

 

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access