SlideShare a Scribd company logo

Patient Privacy Provisions of the HITECH Act Implications for Patients and Small Healthcare Providers

Download as PPTX, PDF
Xiaoming Zeng, profile picture
Xiaoming Zeng

The document discusses privacy provisions of HIPAA and HITECH acts. [1] It covers topics like expanded definitions of covered entities, increased penalties for privacy breaches, audit requirements, and recommendations for improving privacy compliance especially for small providers. [2] Implications for patients include access to their medical records and audit trails of access, while small providers may need to outsource privacy officer roles. [3] Overall it analyzes how HITECH strengthened privacy protections but challenges remain in areas like enforcement and education.

1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Patient Privacy Provisions of the Health Information Technology for Economic and Clinical Health Act Implications for Patients and Small Healthcare Providers Fred L. Ingle HIMA 5060
Topics • Confidentiality and privacy provisions of the Health Insurance Portability Act of 1996 (HIPAA) • Confidentially and privacy provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH) • Implications for Patients • Implications for small healthcare providers • Recommendations
Confidentiality and privacy provisions of the Health Insurance Portability Act of 1996 (HIPAA) Predecessor to HITECH • Covered entities (CEs) - health plans, health care providers, and healthcare clearing houses • The act protects PHI in any form including oral, paper, and electronic media
When can PHI be used under HIPAA? • Information can be used without permission from the subject individual for: – Personal use by the subject individual or his/her designee – Treatment, payment, or healthcare operations – Public health and benefit activities – Research and public health (limited data set stripped of individualized information) • Only the minimum information necessary under the above provisions • PHI used for any other reason requires written authorization from the patient
Responsibility of the CE • Must provide the patient with the CEs privacy policy that is in accord with the Privacy Rule of 2002 • Privacy Policy must contain information about where to report concerns both to the CE and to U.S. Department of Health and Human Services
HIPAA Penalties • Both civil and criminal • Civil penalties – $100 per infraction – $25,000 for multiple infraction that do not include willful intent • Criminal Penalties – $50,000 and up to one year in prison for willful intent – $100,000 and up to five years in prison for false pretenses – $250,000 and up to ten years in prison for the sell, transfer, commercial use, or malicious harm
Confidentiality and privacy provisions of the Health Information Technology for Economic and Clinical Health Act • Definition of CEs expanded under HITECH to include business associates (BAs) of CEs • Under HIPAA termination of relationships with BAs was the only penalty for violating BAs • Under HITECH BAs are subject to the same penalties as CEs • Individuals can receive a copy of their PHI, receive information about who has accessed their PHI (3 year audit trail), and can request restrictions on PHI for any reason
HITECH and PHI Breaches • CEs and BAs are required to notify each individual affected • Methods of notification include mail, e- mail, telephone • If breach affects 500 or more individuals, a prominent media outlet must be used • Notification must occur within 60 days after initial discovery • HIPAA did not require individual notification
New Penalties Under HITECH • Under HIPAA there was no civil penalties for breaches that were not due to willful neglect if the violation was corrected within 30 days of discovery • Under HITECH any “unknowing wrongful disclosure” is subject to penalties that range from $100 to $25,000 • HITECH increases violations not due to willful neglect to $1000 to $100,000 • Penalties for repeated or uncorrected violations can extend to $1.5 million
Is HIPAA and HITECH working? • Under HIPAA in 2008, 9200 cases were resolved by the Office for Civil Rights (OCR) • Since HITECH started in 2009 through the end of 2011, over 19 million patient records were involved in breaches • Why? Lax enforcement due to lack of funds to prosecute • Audits required under the laws are moving at a snail’s pace • Failure of healthcare providers to perform risk analysis as required by the law
Recommendations • Education of patients on the provision of the law pertaining to PHI should be increased. There is a plethora of information on the Office of Civil Rights website that is useful in assisting patients in understanding their privacy rights. However, this information is not readily available at the point-of-care. Materials should be offered to patients at each encounter. • The “minimum necessary” stipulation of shared PHI for research needs to be replaced with exact language from HHS. • There should be some standards for not only certifying EHRs for privacy technology standards, but also required standards for the training and certification of administrators and others who interface with EHRs. • Audits by the Office of Civil Rights should be increased with appropriate funding. These audits should have an educational rather than a punitive focus intitially. • Providers should be conduct assessments to determine their capability of being compliant before an audit. Small providers that do not have the trained personnel available should consider out-sourcing the position of privacy and security officer to a well-qualified and certified entity.
The Hippocratic Bargain • The Hippocratic Oath established the tenets of privacy and confidentiality as fundamental aspects of aspects of medical care in ancient Greece 2400 years ago. • What once was a two-party, physician patient relationship has completely changed • The original Hippocratic bargain has evolved into the patient’s information being shared with numerous and unknown healthcare individuals and others for a variety of reasons.
The New Hippocratic Bargain • Patient’s are apprised of who sees what and why • Access is based on “tiers” of minimum amount of information needed to treat • Providers diligently work to exchange sufficient information for treatment without overstepping privacy and confidentiality boundaries • Patients are active participants in this process
Sources • References • Anderson, H. (2010a). HIPPA audits inch closer to reality [Article]. In HealthcareInfoSecurity.com. Retrieved from http://www.healthcareinfosecurity.com/articles.php?art_id=2359 • Anderson, H. (2010b). HIPPA privacy, security updates coming [Article]. In HealthcareInfoSecurity.com. Retrieved from http://www.healthcareinfosecurity.com/articles.php?art_id=2468 • Blumenthal, D. (2009). Health IT adoption and the new challenges faced by solo and small group healthcare practices [Congressional Testimony]. In HHS.gov. Retrieved from http://www.hhs.gov/asl/testify/2009/06/t20090624a.html • Brown, B. (2009). Privacy provisions of the American Recovery and Reinvestment Act. Journal of Health Care Compliance, 11(3), 37-73. Retrieved from http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=6acbfad3-0a7a-46f6-a1a6-6a53f3b62a0d%40sessionmgr114&vid=4&hid=124 • EMRapproved.com. (2012). Meaningful Use Stage 2 Final Rules. Retrieved from http://www.emrapproved.com/meaningful-use-stage-2.php • Greene, A. H. (2011). HHS Steps up HIPAA Audits... ...Now is the time to review security policies and procedures. Journal of AHIMA, 82(10), 58-59. Retrieved from http://search.proquest.com.jproxy.lib.ecu.edu/docview/890174092/13AC1C8147A275241B1/22?accountid=10639 • Heindel, C. & Boateng, C. (2012). Your organization could be next: How to prepare for an OCR audit. Journal of Health Care Compliance, 14(4), 47-76. Retrieved from http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=4d0d3484-e684-48f2-98b9-5db58e9ebff7%40sessionmgr115&vid=4&hid=115 • Hewlett Packard. (2011). White Paper: Financing your EHR: Options to bridge the ARRA reimbursement gap. Retrieved from http://www.hp.com/sbso/solutions/healthcare/financing- your-ehr-implementation.pdf • Kohn, D. (2009). Impact on the enterprise content management industry: The 2009 ARRA & HITECH Acts. Infonomics, 23(5), 28-31. Retrieved from http://search.proquest.com.jproxy.lib.ecu.edu/docview/751997596/13AC1BC61537061FA4C/19?accountid=10639 • Martin, M. (2009). HITECH increases exposure of personal care records [Article]. In Health Care News. Retrieved from http://www.heartland.org/healthpolicynews.org/article/25293/HITECH_Increases_Exposure_of_Personal_Care_Records.html • Miller, J. (2010). Locking down privacy. Managed Healthcare Executive, 20(3), 12-16. Retrieved from http://search.proquest.com.jproxy.lib.ecu.edu/docview/212588887/13AC1ABC3929A1691B/13?accountid=10639 • Patton , C. (2012). Health Informatics "Hiring Spree": Demand for Health Informatics Workers Grows. Retrieved from http://www.healthinformaticsforum.com/profiles/blogs/health- informatics-jobs-demand • Redspin Inc. (2012). Red spin breach report 2011: protected health information. Retrieved from http://www.redspin.com/docs/Redspin_PHI_2011_Breach_Report.pdf • Silver, J., Levin, T., & Garrison, L. (2003). Staff workshop report: technologies for protecting personal information. Report prepared from the workshop convened by the Federal Trade Commission to examine the current and potential role of technology in protecting consumer information. Retrieved from http://www.ftc.gov/bcp/workshops/technology/finalreport.pdf • The Future of Health Now. The Future of Health Now -. (n.d.). Retrieved from http://www.thefutureofhealthnow.com • United States Department of Health and Human Services, Office Of Civil Rights, . (2012). 2012 HIPAA privacy and security audits report. Retrieved from http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-2_lsanches_ocr-audit.pdf • United States Department of Health and Human Services, Office of Civil Rights. (2003). Summary of the HIPPA Privacy Rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf • Veazie, J. (2009). Hidden impact of the stimulus package. Health Care Collector, 23(4). Retrieved from http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=7ab09c68-e58a-4a34-b911-12824564f306%40sessionmgr111&vid=4&hid=103

More Related Content

PPTX
HIPAA Audit Implementation
Valency Networks
 
PPT
HIPAA Compliance
Manny Oliverez
 
PPTX
HIPAA | HITECH
rcabarloc
 
PPTX
HIPPA-Health Insurance Portability and Accountability Act
Harshit Trivedi
 
PDF
HIPAA and HITECH : What you need to know
Shred-it
 
PPTX
HIPAA Security 2019
Jose Ivan Delgado, Ph.D.
 
PPTX
Hitech changes-to-hipaa
geeksikh
 
PPT
What is hipaa
digitalpractice
 
HIPAA Audit Implementation
Valency Networks
 
HIPAA Compliance
Manny Oliverez
 
HIPAA | HITECH
rcabarloc
 
HIPPA-Health Insurance Portability and Accountability Act
Harshit Trivedi
 
HIPAA and HITECH : What you need to know
Shred-it
 
HIPAA Security 2019
Jose Ivan Delgado, Ph.D.
 
Hitech changes-to-hipaa
geeksikh
 
What is hipaa
digitalpractice
 

What's hot (20)

PDF
Hitech Act
ISACA New England
 
PPTX
Hipaa overview 073118
robint2125
 
PPTX
HIPAA AND INFORMATION TECHNOLOGY
mariaradziminski
 
PPT
Hitech Act
Deborah Obasogie
 
PPT
Hipaa
belziebub
 
PPSX
HIPAA HITECH training 7-9-12
O2 TESTING SERVICES
 
PDF
DVHIMSS Ensuring Privacy and Security of HIEs in PA
William Buddy Gillespie ITIL Certified
 
PPTX
Annual HIPAA Training
Cynthia Holland
 
PPTX
Presentation hippa
maggie_Platt
 
PPTX
Data Management Protection Acts
Joseph White MPA CPM
 
PPT
HIPAA Privacy & Security
National Pharmacy Technician Association
 
PPTX
HIPAA
Alanoud Alqoufi
 
PPTX
HIPPA Security Presentation
Rebecca Norman
 
PPTX
Hipaa for business associates simple
Jose Ivan Delgado, Ph.D.
 
PDF
Hipaa ppt june 6 2014
Lyndon Godsall
 
PPTX
Hi103 week 5 chpt 13
BealCollegeOnline
 
PPT
Hipaa
teammayco
 
PPT
Hipaa
Jason Wrench
 
PPS
HIPAA
kgriffin62
 
PPSX
Hipaa privacy rule
MsBelleA
 
Hitech Act
ISACA New England
 
Hipaa overview 073118
robint2125
 
HIPAA AND INFORMATION TECHNOLOGY
mariaradziminski
 
Hitech Act
Deborah Obasogie
 
Hipaa
belziebub
 
HIPAA HITECH training 7-9-12
O2 TESTING SERVICES
 
DVHIMSS Ensuring Privacy and Security of HIEs in PA
William Buddy Gillespie ITIL Certified
 
Annual HIPAA Training
Cynthia Holland
 
Presentation hippa
maggie_Platt
 
Data Management Protection Acts
Joseph White MPA CPM
 
HIPAA Privacy & Security
National Pharmacy Technician Association
 
HIPAA
Alanoud Alqoufi
 
HIPPA Security Presentation
Rebecca Norman
 
Hipaa for business associates simple
Jose Ivan Delgado, Ph.D.
 
Hipaa ppt june 6 2014
Lyndon Godsall
 
Hi103 week 5 chpt 13
BealCollegeOnline
 
Hipaa
teammayco
 
Hipaa
Jason Wrench
 
HIPAA
kgriffin62
 
Hipaa privacy rule
MsBelleA
 
Ad

Viewers also liked (9)

PPTX
Protecting patients confidentiality slide presentation
plunkk
 
PDF
Personal Healthcare and Patient Privacy (November 25, 2016)
Nawanan Theera-Ampornpunt
 
PPTX
Confidentiality
pcsamuels10
 
PPT
Healthcare confidentiality training.2013bev
blk70130
 
PPTX
Privacy and confidentiality
johnzinn
 
PPTX
Confidentiality
Jada Norris
 
PPTX
Confidentiality
LLSS64
 
PPT
The importance of confidentiality
swilson0050
 
PPT
Confidentiality in Healthcare
kmasterson
 
Protecting patients confidentiality slide presentation
plunkk
 
Personal Healthcare and Patient Privacy (November 25, 2016)
Nawanan Theera-Ampornpunt
 
Confidentiality
pcsamuels10
 
Healthcare confidentiality training.2013bev
blk70130
 
Privacy and confidentiality
johnzinn
 
Confidentiality
Jada Norris
 
Confidentiality
LLSS64
 
The importance of confidentiality
swilson0050
 
Confidentiality in Healthcare
kmasterson
 
Ad

Similar to Patient Privacy Provisions of the HITECH Act Implications for Patients and Small Healthcare Providers (20)

DOCX
Patient Privacy Protections
kwittman
 
PDF
Protecting Patient Health Information in the HITECH Era
Rapid7
 
PPTX
HITECH-Changes-to-HIPAA
Gurvinder Singh, CISSP, CISA, ITIL v3
 
PDF
Role-Based Access Governance and HIPAA Compliance: A Pragmatic Approach
EMC
 
PPTX
Hipaa
pssurgery
 
PDF
Maninging Risk Exposure in Meaningful Use Stage 2
Compliancy Group
 
PPTX
HIPAA Part I the Law Test
Sachiko Hurst
 
PPT
Knowing confidentiality
jessie66
 
PPTX
Hipaa-2015
pssurgery
 
PDF
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Health IT Conference – iHT2
 
PPTX
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
eringold
 
PPT
Annual HIPAA Education
DirkRhodes
 
PDF
Hipaa basics
MichaelRodriguesdosS1
 
PPTX
Privacy, Confidentiality, and Security Lecture 2_slides
ZakCooper1
 
PPTX
Hippa training 2017
Ashley Valenzuela
 
PPT
Group presentation hippa ppt
Mari Mina
 
PDF
HIPAA HiTech Regulations: What Non-Medical Companies Need to Know
Network 1 Consulting
 
PPTX
Patients Privacy and Confidentiality
Oluseyi Ilesanmi
 
DOCX
Sarah Kim HIPAA for Small Providers
Sarah Kim
 
PPTX
health insurance portability and accountability act.pptx
amartya2087
 
Patient Privacy Protections
kwittman
 
Protecting Patient Health Information in the HITECH Era
Rapid7
 
HITECH-Changes-to-HIPAA
Gurvinder Singh, CISSP, CISA, ITIL v3
 
Role-Based Access Governance and HIPAA Compliance: A Pragmatic Approach
EMC
 
Hipaa
pssurgery
 
Maninging Risk Exposure in Meaningful Use Stage 2
Compliancy Group
 
HIPAA Part I the Law Test
Sachiko Hurst
 
Knowing confidentiality
jessie66
 
Hipaa-2015
pssurgery
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Health IT Conference – iHT2
 
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
eringold
 
Annual HIPAA Education
DirkRhodes
 
Hipaa basics
MichaelRodriguesdosS1
 
Privacy, Confidentiality, and Security Lecture 2_slides
ZakCooper1
 
Hippa training 2017
Ashley Valenzuela
 
Group presentation hippa ppt
Mari Mina
 
HIPAA HiTech Regulations: What Non-Medical Companies Need to Know
Network 1 Consulting
 
Patients Privacy and Confidentiality
Oluseyi Ilesanmi
 
Sarah Kim HIPAA for Small Providers
Sarah Kim
 
health insurance portability and accountability act.pptx
amartya2087
 

More from Xiaoming Zeng (11)

PPTX
Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...
Xiaoming Zeng
 
PPTX
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Xiaoming Zeng
 
PPTX
Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...
Xiaoming Zeng
 
PPTX
Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...
Xiaoming Zeng
 
PDF
Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...
Xiaoming Zeng
 
PPTX
Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...
Xiaoming Zeng
 
PPT
Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...
Xiaoming Zeng
 
PPTX
Health 2.0 or Medicine 2.0 Applications in Health Care
Xiaoming Zeng
 
PPTX
Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...
Xiaoming Zeng
 
PPTX
HIV/Aids Surveillance Systems: Are They Implemented Effectively?
Xiaoming Zeng
 
PPTX
Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...
Xiaoming Zeng
 
Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...
Xiaoming Zeng
 
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Xiaoming Zeng
 
Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...
Xiaoming Zeng
 
Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...
Xiaoming Zeng
 
Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...
Xiaoming Zeng
 
Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...
Xiaoming Zeng
 
Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...
Xiaoming Zeng
 
Health 2.0 or Medicine 2.0 Applications in Health Care
Xiaoming Zeng
 
Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...
Xiaoming Zeng
 
HIV/Aids Surveillance Systems: Are They Implemented Effectively?
Xiaoming Zeng
 
Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...
Xiaoming Zeng
 

Patient Privacy Provisions of the HITECH Act Implications for Patients and Small Healthcare Providers

  • 1. Patient Privacy Provisions of the Health Information Technology for Economic and Clinical Health Act Implications for Patients and Small Healthcare Providers Fred L. Ingle HIMA 5060
  • 2. Topics • Confidentiality and privacy provisions of the Health Insurance Portability Act of 1996 (HIPAA) • Confidentially and privacy provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH) • Implications for Patients • Implications for small healthcare providers • Recommendations
  • 3. Confidentiality and privacy provisions of the Health Insurance Portability Act of 1996 (HIPAA) Predecessor to HITECH • Covered entities (CEs) - health plans, health care providers, and healthcare clearing houses • The act protects PHI in any form including oral, paper, and electronic media
  • 4. When can PHI be used under HIPAA? • Information can be used without permission from the subject individual for: – Personal use by the subject individual or his/her designee – Treatment, payment, or healthcare operations – Public health and benefit activities – Research and public health (limited data set stripped of individualized information) • Only the minimum information necessary under the above provisions • PHI used for any other reason requires written authorization from the patient
  • 5. Responsibility of the CE • Must provide the patient with the CEs privacy policy that is in accord with the Privacy Rule of 2002 • Privacy Policy must contain information about where to report concerns both to the CE and to U.S. Department of Health and Human Services
  • 6. HIPAA Penalties • Both civil and criminal • Civil penalties – $100 per infraction – $25,000 for multiple infraction that do not include willful intent • Criminal Penalties – $50,000 and up to one year in prison for willful intent – $100,000 and up to five years in prison for false pretenses – $250,000 and up to ten years in prison for the sell, transfer, commercial use, or malicious harm
  • 7. Confidentiality and privacy provisions of the Health Information Technology for Economic and Clinical Health Act • Definition of CEs expanded under HITECH to include business associates (BAs) of CEs • Under HIPAA termination of relationships with BAs was the only penalty for violating BAs • Under HITECH BAs are subject to the same penalties as CEs • Individuals can receive a copy of their PHI, receive information about who has accessed their PHI (3 year audit trail), and can request restrictions on PHI for any reason
  • 8. HITECH and PHI Breaches • CEs and BAs are required to notify each individual affected • Methods of notification include mail, e- mail, telephone • If breach affects 500 or more individuals, a prominent media outlet must be used • Notification must occur within 60 days after initial discovery • HIPAA did not require individual notification
  • 9. New Penalties Under HITECH • Under HIPAA there was no civil penalties for breaches that were not due to willful neglect if the violation was corrected within 30 days of discovery • Under HITECH any “unknowing wrongful disclosure” is subject to penalties that range from $100 to $25,000 • HITECH increases violations not due to willful neglect to $1000 to $100,000 • Penalties for repeated or uncorrected violations can extend to $1.5 million
  • 10. Is HIPAA and HITECH working? • Under HIPAA in 2008, 9200 cases were resolved by the Office for Civil Rights (OCR) • Since HITECH started in 2009 through the end of 2011, over 19 million patient records were involved in breaches • Why? Lax enforcement due to lack of funds to prosecute • Audits required under the laws are moving at a snail’s pace • Failure of healthcare providers to perform risk analysis as required by the law
  • 11. Recommendations • Education of patients on the provision of the law pertaining to PHI should be increased. There is a plethora of information on the Office of Civil Rights website that is useful in assisting patients in understanding their privacy rights. However, this information is not readily available at the point-of-care. Materials should be offered to patients at each encounter. • The “minimum necessary” stipulation of shared PHI for research needs to be replaced with exact language from HHS. • There should be some standards for not only certifying EHRs for privacy technology standards, but also required standards for the training and certification of administrators and others who interface with EHRs. • Audits by the Office of Civil Rights should be increased with appropriate funding. These audits should have an educational rather than a punitive focus intitially. • Providers should be conduct assessments to determine their capability of being compliant before an audit. Small providers that do not have the trained personnel available should consider out-sourcing the position of privacy and security officer to a well-qualified and certified entity.
  • 12. The Hippocratic Bargain • The Hippocratic Oath established the tenets of privacy and confidentiality as fundamental aspects of aspects of medical care in ancient Greece 2400 years ago. • What once was a two-party, physician patient relationship has completely changed • The original Hippocratic bargain has evolved into the patient’s information being shared with numerous and unknown healthcare individuals and others for a variety of reasons.
  • 13. The New Hippocratic Bargain • Patient’s are apprised of who sees what and why • Access is based on “tiers” of minimum amount of information needed to treat • Providers diligently work to exchange sufficient information for treatment without overstepping privacy and confidentiality boundaries • Patients are active participants in this process
  • 14. Sources • References • Anderson, H. (2010a). HIPPA audits inch closer to reality [Article]. In HealthcareInfoSecurity.com. Retrieved from http://www.healthcareinfosecurity.com/articles.php?art_id=2359 • Anderson, H. (2010b). HIPPA privacy, security updates coming [Article]. In HealthcareInfoSecurity.com. Retrieved from http://www.healthcareinfosecurity.com/articles.php?art_id=2468 • Blumenthal, D. (2009). Health IT adoption and the new challenges faced by solo and small group healthcare practices [Congressional Testimony]. In HHS.gov. Retrieved from http://www.hhs.gov/asl/testify/2009/06/t20090624a.html • Brown, B. (2009). Privacy provisions of the American Recovery and Reinvestment Act. Journal of Health Care Compliance, 11(3), 37-73. Retrieved from http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=6acbfad3-0a7a-46f6-a1a6-6a53f3b62a0d%40sessionmgr114&vid=4&hid=124 • EMRapproved.com. (2012). Meaningful Use Stage 2 Final Rules. Retrieved from http://www.emrapproved.com/meaningful-use-stage-2.php • Greene, A. H. (2011). HHS Steps up HIPAA Audits... ...Now is the time to review security policies and procedures. Journal of AHIMA, 82(10), 58-59. Retrieved from http://search.proquest.com.jproxy.lib.ecu.edu/docview/890174092/13AC1C8147A275241B1/22?accountid=10639 • Heindel, C. & Boateng, C. (2012). Your organization could be next: How to prepare for an OCR audit. Journal of Health Care Compliance, 14(4), 47-76. Retrieved from http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=4d0d3484-e684-48f2-98b9-5db58e9ebff7%40sessionmgr115&vid=4&hid=115 • Hewlett Packard. (2011). White Paper: Financing your EHR: Options to bridge the ARRA reimbursement gap. Retrieved from http://www.hp.com/sbso/solutions/healthcare/financing- your-ehr-implementation.pdf • Kohn, D. (2009). Impact on the enterprise content management industry: The 2009 ARRA & HITECH Acts. Infonomics, 23(5), 28-31. Retrieved from http://search.proquest.com.jproxy.lib.ecu.edu/docview/751997596/13AC1BC61537061FA4C/19?accountid=10639 • Martin, M. (2009). HITECH increases exposure of personal care records [Article]. In Health Care News. Retrieved from http://www.heartland.org/healthpolicynews.org/article/25293/HITECH_Increases_Exposure_of_Personal_Care_Records.html • Miller, J. (2010). Locking down privacy. Managed Healthcare Executive, 20(3), 12-16. Retrieved from http://search.proquest.com.jproxy.lib.ecu.edu/docview/212588887/13AC1ABC3929A1691B/13?accountid=10639 • Patton , C. (2012). Health Informatics "Hiring Spree": Demand for Health Informatics Workers Grows. Retrieved from http://www.healthinformaticsforum.com/profiles/blogs/health- informatics-jobs-demand • Redspin Inc. (2012). Red spin breach report 2011: protected health information. Retrieved from http://www.redspin.com/docs/Redspin_PHI_2011_Breach_Report.pdf • Silver, J., Levin, T., & Garrison, L. (2003). Staff workshop report: technologies for protecting personal information. Report prepared from the workshop convened by the Federal Trade Commission to examine the current and potential role of technology in protecting consumer information. Retrieved from http://www.ftc.gov/bcp/workshops/technology/finalreport.pdf • The Future of Health Now. The Future of Health Now -. (n.d.). Retrieved from http://www.thefutureofhealthnow.com • United States Department of Health and Human Services, Office Of Civil Rights, . (2012). 2012 HIPAA privacy and security audits report. Retrieved from http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-2_lsanches_ocr-audit.pdf • United States Department of Health and Human Services, Office of Civil Rights. (2003). Summary of the HIPPA Privacy Rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf • Veazie, J. (2009). Hidden impact of the stimulus package. Health Care Collector, 23(4). Retrieved from http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=7ab09c68-e58a-4a34-b911-12824564f306%40sessionmgr111&vid=4&hid=103