Financial institutions that transmit or modify protected health information for covered entities, or store or archive PHI now are covered under the HITECH Act’s strengthened provisions of the HIPAA privacy and security rule.
Many of these institutions are not aware of their increased regulatory responsibilities and new guidelines are available to walk them through the compliance. “This is all about managing risk and to minimize the prospects of a breach,” said Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission. The public relations impact of a breach questions the respect for an organization, he added. Barrett spoke during the Medical Banking Boot Camp at HIMSS11 in Orlando. More news from the HIMSS11 Conference can be found at
Among other issues, the guidelines identify the key players in organizations who need to be part of a financial organization’s compliance activities, and their responsibilities. These players include chief compliance officer/corporate sponsor, HIPAA privacy/security officer, business unit managers/HIPAA liaisons, the legal department, and marketing/product development.
Almost all of these key players also should be part of an organization’s HIPAA incident response team, Barrett said. Marketing could be exempted, but should be brought in if a breach occurs.
To see the guidelines,
This story was reprinted with permission from
