HITECH laws were enacted to up the ante on healthcare organizations to meet HIPAA legal compliance for data security and privacy, which, of course puts an additional burden on IT to make sure all bases are covered. But regardless of the rigors of enacted laws, compliance doesn't happen overnight. It takes diligence and continued effort to understand and address all necessary requirements. To avoid the potential penalties of breaking HIPAA and HITECH laws, losing the confidence of patients and partners, and incurring hefty penalties, a focused, deliberate, measured plan is essential.
In addition to becoming familiar with HIPAA and HITECH regulations (a good place to start is the HHS.gov website), it's critical to meet with your security and management team and make decisions as to how your organization can best protect sensitive healthcare information. One of the first places to start this process is to fully document your department's own security policy and procedures. This provides the foundation from which to train internal users in understanding and complying with the HIPAA and HITECH rules. In fact, having a security policies and procedures document is a requirement by HIPAA and HITECH.
If you don't currently have your security policies and procedures documented, one option for finding a good template is to Google the term, "IT Security Policies and Procedures." You will find free downloadable templates that give you a basic outline to follow.
If you already have this document in place, keep in mind it needs to be treated as a living document, to be changed and updated often as circumstances and requirements change. Make a point to do a yearly, if not a bi-yearly, review.
Of course, documentation of security policies is only a start. You need to procure and implement proven security tools across your enterprise to protect your data -- whether the data resides on a server or is being transmitted across a network or the Internet. A less-than exhaustive list of necessary IT security tools for ensuring compliance:
As you can see, there are several aspects of compliance to HITECH and other laws that need to be considered and addressed. Healthcare professionals and organizations need to take their patients' privacy seriously, whether in the hospital, physician office or in electronic format on servers and digital communications with others.