HIPAA / HITECH – Safe handling of sensitive data

Increasing enforcement. Rising security concerns

The Health Insurance Portability and Accountability Act (HIPAA) has recently gained increasing enforcement with the passing of the Health Information Technology for Economic and Clinical Health (HITECH) act. The Department of Health and Human Services (HHS) Office of Civil Rights Division (OCR) is training State Attorneys General on how to bring lawsuits against organizations that breach the acts. As technology pushes innovation and growth in the healthcare industry, securing the handling of sensitive data is crucial to the success of healthcare organizations.


In 1996, HIPAA was enacted. HIPAA requires protected health information of patients to be protected by “covered entities.” Covered entities include: healthcare providers (including hospitals, nursing homes, clinics, pharmacies, doctors, psychologists, dentists, chiropractors), health plans (including health insurance companies, HMOs, company health plans, Medicare, Medicaid, military/veteran healthcare programs) and healthcare clearinghouses (entities that process nonstandard health information they receive from another entity into a standard, such as standard electronic format or data content, or vice versa). HIPAA also extends to “business associates” (including third-party administrators, pharmacy benefit managers for health plans, claims processing/billing/transcription companies, persons performing legal, accounting and administrative work).

In 2009, the American Recovery and Reinvestment Act (ARRA) was enacted. The ARRA includes a section referred to as HITECH. HITECH promotes the adoption of electronic health records (EHRs) to improve efficiency and lower healthcare costs, expands on required concepts for information security and defines breach violation notification and enforcement actions.

Per HITECH, non-compliance with the HIPAA can now be fined up to $1,500,000 per calendar year, per each violation. In addition, civil monetary penalties or monetary settlements may be awarded to individuals who have been affected by such data breaches.

Our IT Compliance and IT Security services aids you in determining if your entity meets the HIPAA/HITECH requirements through our audits and assessments. Our Services include:

  • HIPAA and HITECH Audits & Assessments
  • Privacy (Business Processes)
  • Security (IT, Network, Physical Gap Analysis)
  • Review of Policies & Procedures
  • Meaningful Use Risk Assessments
  • Penetration & Intrusion Testing
  • Network Security Audits