As an indicator of how pervasive the HITECH Act's Privacy Provisions (Subtitle D) are (i.e. regarding HIPAA compliance) there is an entire industry that it had not even occurred to us would be impacted in a significant way.
Providers of medical transcription services have long been recognized as HIPAA "business associates(BAs)," but since HIPAA was more or less a paper tiger, these businesses were free to do what most covered entities did, simply not treat the statute/regulations with a degree of seriousness (or in some cases, except for the bare minimum requirements, simply ignore the statute altogether).
The HITECH Act changes all that. BAs are now "on the hook" for both civil and criminal penalties with respect to non HIPAA compliance. Medical transcription businesses need to review their BA contracts with their clients and better understand their potential liability under the Act. This post by Raj of the MT Herald provides an excellent foundational summary of what medical transcription businesses should be thinking about.
In short, the HITECH Act's scope is expansive and the extent of its reach is yet to be defined, but one thing is certain, the number of business associates potentially impacted is just starting to surface.
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAA experience?
