Healthcare Information Technology

Information about Healthcare and Technology

Healthcare Information Technology Act

The Health Information Technology for Economic and Clinical Health (Healthcare Information Technology) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the Healthcare Information Technology Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

With a growing reliance on information technology in the healthcare industry and the adoption of electronic medical records (EMR), ensuring the safe handling of sensitive data is crucial. The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules define requirements for the appropriate use and safeguarding of protected health information (PHI). The Health Information Technology for Economic and Clinical Health (Healthcare Information Technology) Act provisions, enacted as part of the American Recovery and Reinvestment Act in February 2009, update the HIPAA Standards to strengthen the privacy and security of health information.

The HIPAA Security Rule’s requirements are organized into three categories: Administrative Safeguards, Physical Safeguards, and Technical Safeguards. Within these categories are 18 standards and 36 implementation specifications. Implementation specifications are further categorized into “Required” and “Addressable”. Required specifications are critical and must be implemented. Addressable specifications are considered scalable based on the individual needs and practices of an entity. The Security Rule’s focus is on the safeguarding of electronic Protected Health Information (e-PHI).

While the Security and Privacy Rules share the common goal of safeguarding Protected Health Information (PHI), the Privacy Rule applies to all media types, including paper, oral, and electronic. The Privacy Rule requires organizations to consider the confidentiality, integrity, and availability of PHI. Further, procedures need to be in place to address the use and disclosure of PHI, the notice of privacy practices, and a minimum necessary approach to using PHI.
