Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules

The recent passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) directly affects financial institutions and their services for the healthcare sector.

HITECH modifies and amplifies the existing data privacy and security rules for protected healthcare information under the Health Insurance Portability and Accountability Act (HIPAA).

HITECH adds breach notification requirements and tougher penalties. Financial institutions that deliver services to the healthcare sector may find they must meet the HIPAA data privacy and security requirements themselves.

Financial institutions first need to determine whether HIPAA and HITECH apply to them. This can be accomplished by determining whether the financial institution has access to protected health information (PHI) through the services it provides to organizations within the healthcare sector.

If the financial institution has access to PHI, it then needs to identify its potential status as a “covered entity” or a “business associate” under HIPAA and HITECH. If the financial institution meets either definition, it must develop and implement policies and procedures that ensure PHI is used and disclosed only in the manner set forth in the HIPAA privacy and security provisions.

This white paper, “Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules,” can help financial institutions evaluate whether the rules apply to them and build a blueprint for a compliance program. Although each financial institution will ultimately need to determine its own status and required tasks, this white paper provides guidelines in the noted areas.

Read Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules in its entirety.