- HHS OCR enforces obligations of CEs/BAs - FTC enforces Breach notification duties

- up tot 2 million fine - criminal liability for misue of ePHI

- provide patients with EHR upon request - account for all non-oral disclosures within the last 3 years - not sell EHR w/o patient consent

HITECH Flashcards by Pam Garner

HITECH updates HIPAA how?

BAs now directly covered by HIPAA instead of via BAAs

How well did you know this?

Not at all

Perfectly

What is considered a breach under HITECH?

unauthorized MADE (modification/access/deletion/exfiltration) of unsecurred ePHI
privacy/security compromised

How well did you know this?

Not at all

Perfectly

What is NOT considered a breach under HITECH?

unauthorized MADE but high confidence ePHI not affected
(ePHI is not access or is encrypted)
burden of proof on CE/BA

How well did you know this?

Not at all

Perfectly

HITECH Rulemaking

HHS OCR
HHS ONC

How well did you know this?

Not at all

Perfectly

HITECH Enforcement

HHS OCR enforces obligations of CEs/BAs
FTC enforces Breach notification duties

How well did you know this?

Not at all

Perfectly

HITECH HBNR duty to individuals

must notify individuals within 60 days

How well did you know this?

Not at all

Perfectly

HITECH HBNR duty to HHS

over 500 = must notify HHS immediately
under 500 = must notify HHS annually

How well did you know this?

Not at all

Perfectly

HITECH HBNR duty to media

500+ in same jurisdiction = CE must notify media

How well did you know this?

Not at all

Perfectly

Penalties

up tot 2 million fine
criminal liability for misue of ePHI

How well did you know this?

Not at all

Perfectly

What did HITECH push for?

EHR to be adopted

How well did you know this?

Not at all

Perfectly

EHR Requirements

provide patients with EHR upon request
account for all non-oral disclosures within the last 3 years
not sell EHR w/o patient consent

How well did you know this?

Not at all

Perfectly

HITECH Flashcards

(11 cards)