Get Paid for Securing Your PHI


4 Ways toward HITECH Incentives

Closing 2015 as the year of “The Breach,” we face 2016 a little smarter, a little more wary and a lot more confused as to how to manage HIPAA compliance. With the University of Washington Medicine (UWM) paying a hefty $750,000 in fines, facilities have HIPAA compliance high on their radar.

The HITECH Act – Get Paid for Good Record Keeping
The HITECH Act mandates that healthcare providers take a series of steps to strengthen safeguards for Protected Health Information (PHI), enable secure electronic exchange of PHI, and establish interoperability between systems, both internally and with external business associates.
The HITECH Act requires secure data exchange and interoperability within healthcare communities. In exchange, facilities are offered incentive payments for compliance.
To avoid penalties and qualify for incentive dollars, here are 4 things you can do:
1) Secure PHI in motion and at rest.
That means not only securing your emails and protecting medical records, but also securing PHI at rest on a server using encryption technology certified to meet NIST 800-52 or FIPS 140-2 requirements. HITECH HIPAA also mandates the proper disposal of all media containing PHI. PHI that is not destroyed must be encrypted and stored in a secure archive. SecurShred offers both electronic  and secure file storage.

2) How to detect all privacy breaches and where to report them.
Section 13402 of Title XIII HITECH/ARRA states, “Following a breach of unsecured protected health information covered entities must provide notification of the breach to affected individuals, the Secretary, and, in certain circumstances, to the media. In addition, business associates must notify covered entities that a breach has occurred.” Make certain your IT department clearly communicates the end-to-end monitoring and tracking of file movements throughout your entire enterprise, including 3rd party business associates.

3) Are Your Business Associates in Compliance?
Onboarding and successfully managing 3rd party associates, as well as BYOD concerns, also play into effective planning for HITECH. This means putting in place file transfer protocols, secure electronic relationships and policies that govern the flow of information yet also allow community members access to certain events that ensure business continuity.

4) Build a Core Competence in Information Exchange
In order to qualify for incentive payments going forward, your facility must demonstrate meaningful Stage 2 secure information exchange practices such as:
• Managed File Transfer (MFT)
• Electronic Data Interchange (EDI)
• Secure, policy-driven email
• eHR Data Exchange – meaning developing technical capabilities that can access the data in eHR on demand and share it securely through web and mobile, for efficient use by people in secure business transactions.
Give SecurShred a call so we can help you with your HIPAA compliance.