This entry is part of a series of information security compliance articles. In subsequent articles we will discuss the specific regulations and their precise applications at length. These regulations include HIPAA (the Health Insurance Portability and Accountability Act), the Sarbanes-Oxley Act, the Federal Information Security Management Act of 2002 (FISMA), Family Educational Rights.
The HIPAA Rules apply to covered entities and business associates.
Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.
If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules. See definitions of “business associate” and “covered entity” at 45 CFR 160.103.
View an easy-to-use question and answer decision tool to find out if an organization or individual is a covered entity.
A Covered Entity is one of the following:
HITRUST Certification
EHNAC and HITRUST: Creating the highest standards for healthcare data privacy and security
The HITRUST CSF certification – when attained in conjunction with the industry-specific EHNAC accreditation – demonstrates to business partners and prospects your commitment to the highest standards of data privacy and security.
EHNAC provides 18+ specific healthcare programs, which include but are not limited to HIEs, ePrescribers, clearinghouses and billing organizations. Each program contains many stakeholder-specific requirements (unique to each program and its data handling responsibilities). In addition to these requirements, EHNAC and HITRUST have worked together to align privacy and security requirements to benefit those candidates who choose to combine their programs.
The HITRUST CSF provides a comprehensive HIPAA privacy and security review, including HITECH and other applicable regulatory drivers such as PCI DSS, the FTC Red Flags Rules and the FDA. The process includes a review of an organization’s risk management program and cyber readiness, and ensures consistency and accuracy of reporting on requirements for covered entities and business associates.
EHNAC is the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.
“We are pleased to have EHNAC as a CSF Assessor to help healthcare organizations with the process of adopting and utilizing the CSF’s requirements. Their long-standing expertise and leadership in health IT privacy and security solutions make EHNAC a perfect addition to our program.” - Ken Vander Wal, CCO, HITRUST
Why choose EHNAC as your HITRUST CSF Assessor?
When you select EHNAC as your organization’s HITRUST CSF Assessor, the documentation required for the privacy and security requirements of the different frameworks is similar enough that the internal compliance resource time, hassle and redundancy of preparing for them will be significantly reduced. What’s more, EHNAC Site Reviewers are also HITRUST Practitioners, meaning that, in many cases, the number of site visits needed to obtain HITRUST CSF certification and EHNAC accreditation may be reduced, which may in turn reduce costs. Benefits include:
- Using EHNAC for your HITRUST CSF assessment provides consistency between HITRUST certification and EHNAC accreditation programs for HIPAA privacy and security compliance.
- Organizations achieving HITRUST certification will have 100% of their privacy and security credited to their EHNAC accreditation.
- Organizations that already have EHNAC accreditation will have developed the majority of their HIPAA-related HITRUST CSF privacy and security to apply to that certification.
- EHNAC site reviewers are also HITRUST Practitioners, making it easier for organizations to undergo audits.
- Obtaining both HITRUST CSF certification and EHNAC accreditation at the same time significantly reduces the time, expense and redundancy needed to prepare documentation and undergo required site visits.
- EHNAC is participating on key HITRUST workgroups, advocating that strong continuing education and industry requirements regarding privacy and security are communicated and included in future CSF versions.
Also, are you looking for hands-on support to help you through the pre-assessment steps, readiness planning process and more? Learn about EHNAC’s Consulting and Advisory Services which have been designed to support HITRUST Certification.