HITECH: Will you be Judged Ready?

Before anyone is kind enough to point it out, I do realize that our ABC series is taking a letter out of order on this one, but I thought it was important to do it. The past week I have been working a lot on the revision of my book, “Stedman’s Guide to the HIPAA Privacy Rule.” This time around, we are adding the security rule to the publication so it will be as lot more robust. If you’ve been following along in the past few months, we now also have the HITECH Act, which has made some significant changes to how HIPAA is implemented and what is considered compliant.

For six years now, I think our industry has flown on the mantra of “well, sure, we’re HIPAA compliant; after all, those rules REALLY basically apply to the covered entity. I have my business associate agreement and that means I’m covered.” With the HITECH Act becoming effective last week, that no longer applies. Those of us who may have small businesses (and yes, an independent contractor IS a business owner), now find ourselves facing some harsh reality. We are now classified as a covered entity under the HIPAA Privacy and Security Rules, which for many, means there has been a lot of scrambling in the past few months.

I’m curious how you are seeing this impact your world out there? If you are an employee, have you been told of new policies and procedures? Had new training? If you are an IC or a business owner (one in the same, in my opinion), have you rewritten your policies and procedures to be sure you are compliant? Do you have an identified privacy and security officer? If you’re using an FTP site for file transfers between you and your client, how has that changed, if at all?

I look forward to hearing from each of you. Post your comment here and let’s see how our world is reacting to these new changes!