| In August the Department of Health and Human | | | | So what does all of this mean to your practice? |
| Services (HHS) proposed new regulations for | | | | "This will be a tremendous burden to small |
| defining and reporting security breaches of patient | | | | practices," says attorney Ed Gaines, chief |
| information under the Health Insurance Portability | | | | compliance officer of Medical Management |
| and Accountability Act (HIPAA). The new | | | | Professionals, Inc. in Greensboro, North Carolina. |
| regulations are specifically tied to requirements in | | | | "The individual medical practices are going to have |
| the section of the Stimulus Bill known as the | | | | to be very careful in understanding and analyzing |
| HITECH Act, that provide for the adoption of | | | | who has what on their computers." |
| Electronic Health Records (EHRs). The new HIPAA | | | | As part of the new regulations, practices that can |
| regulations went into effect on September 23rd. | | | | prove that they have proper security measures |
| Under new regulations, if patient information is | | | | in place, that prevent breaches by using a number |
| stolen, or otherwise compromised, practices must | | | | of specified ways, including encryption and |
| notify the affected patients and, in some cases, | | | | destruction techniques -are exempt from the |
| the U.S. Department of Health and Human | | | | regulations. So if you are not currently using an |
| Services and the local media. The regulations are | | | | EHR solution that provides such protection of |
| tied to the extent of the breach, with different | | | | your patient's data, now is a good time to start |
| notification requirements if the problem involves | | | | thinking about implementing one. |
| more than, or less than 500 patients. | | | | |