The new HITECH Act that goes into effect February 2010 places new requirements on healthcare organizations for the protection of personal health information (PHI).
The Healthcare Information Management and Systems Society (HIMSS) announced its findings of a national survey of hospitals and business associates to check the state of healthcare vulnerability to data breach. 68 percent of all hospitals indicated that the HITECH Act’s expanded breach notification requirements will result in the discovery and reporting of more incidents, and 57 percent reported that they now have a greater level of awareness of data breaches and breach risk.
Organizations are just coming to terms with the implications of the new regulations, and some interesting interpretations are being proposed. While the regulations appear quite clear on the need to secure the transfer of confidential patient information, in particular via email, the lack of regulations regarding the use of text messages is raising questions. If sending an unsecured email with the message “Your blood pressure is too high” will get you into trouble with HIPAA, what will happen if you text this message?
A good rule of thumb for staying on the right side of HIPAA regulations is that unsecured communication is unsecured communication, whether it is via text, email or file transfer. The new HITECH Act is intended to protect personal health information, so that means securing it in transit.