I wrote a short blog on some of the changes that were instituted by the passage of ARRA and it incorporated HITECH provisions. If you follow the link at the bottom of this entry, you can go to an interview that I did with Search Security on the subject of VARs and Business Associates. "In this edition of “Patrolling the Channel,” see why the designation of “business associate” has given McDonald additional compliance challenges. The executive VP talks about the technical and non-technical controls being implemented for HIPAA’s sake.
In consulting with so many clients, there are some things that just seem to be universal. One of those nearly universal truths, is the tendency for clients to mix and match or use the terms, Disaster Recovery and Business Continuity interchangeably. While these two terms define activities that often parallel each other, they are in fact very different concepts. The confusion or mixing of the terms can lead to clients being misled, or even left at significant risk, due to improper planning.
Many were excited by the passing of Title XIII of ARRA, also known as the Health Information Technology for Economic and Clinical Health Act (HITECH Act). It was billed as providing up to $22 billion dollars for taxpayer money to, "advance the use of health information technology." What was not so well trumpeted during all of the excitement, were the massive increases in enforcement, penalties, the changing of the HIPAA enforcement responsibility from CMS to the Office of Civil Right and the extension of the HIPAA Rules to business associates of covered entities.