Privacy and Data Security: HIPAA and HITECH

  • Chapter
Healthcare Information Management Systems

Abstract

With the Omnibus Final Health Insurance Portability and Accountability Act (HIPAA) Rule of September 2013, the privacy and security of patient health information have been further tightened. Since 2002, when HIPAA was first released, monetary penalties have increased, as has the scrutiny surrounding the protection of patient health information. With numerous updates and additions to the original HIPAA Rule, such as the Health Information Technology for Economic and Clinical Health (HITECH) Act, managers have to stay attuned to the changes, as any day can bring a HIPAA complaint or breach. In this uncertain environment, breach management is a critical part of working with HIPAA. HIPAA and HITECH are laws that are to be operationalized into an organization’s standard operating procedures.

Author information

Corresponding author

Correspondence to Joan M. Kiel PhD, CHPS MPhil, MPA.

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Kiel, J.M., Ciamacco, F.A., Steines, B.T. (2016). Privacy and Data Security: HIPAA and HITECH. In: Weaver, C., Ball, M., Kim, G., Kiel, J. (eds) Healthcare Information Management Systems. Health Informatics. Springer, Cham. https://doi.org/10.1007/978-3-319-20765-0_25

  • DOI: https://doi.org/10.1007/978-3-319-20765-0_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-20764-3

  • Online ISBN: 978-3-319-20765-0

  • eBook Packages: Medicine, Medicine (R0)
