In the first lawsuit to invoke the new provisions of the HITECH Act, Connecticut Attorney General Richard Blumenthal filed a lawsuit against Health Net for violating HIPAA requirements.

Earlier this year, a portable computer disk drive was lost from Health Net containing protected health information (PHI), social security numbers and bank account numbers for 1.5 million current and former members. The missing information included 27.7 million scanned pages of over 120 different types of documents, including insurance claim forms, membership forms, appeals and grievances, correspondence, and medical records.

And it gets worse….the data was not encrypted, nor was it otherwise protected from access and viewing by unauthorized persons.

The lawsuit alleges that Health Net failed to:

• Ensure the confidentiality and integrity of PHI
• Supervise and train its workforce on policies and procedures regarding PHI
• Promptly notify authorities and residents of the breach

How many more lessons learned will it take before organizations implement these simple processes? Do organizational leaders realize how expensive these new HITECH requirements can be?

• Money?
• Time?
• Reputation?
• Legal Fees?
• Insurance?

Could this be a sign of the fines/lawsuits organizational leaders will face in the future?

• Have you implemented new policies and procedures to ensure compliance with the HITECH requirements?
• Have you trained all employees on new requirements?
• Do you have tracking and documentation of employee acknowledgements and understanding?
• Have you implemented ongoing awareness training as risks, threats and best practices are constantly changing?

Are you ready for February 18, 2010, when HHS will begin conducting mandatory audits and HHS/OCR can begin enforcing civil monetary penalties and settlements?

HIPAA/HITECH now also holds business associates accountable…are your business associates ready?

A survey in November 2009 by ID Experts revealed that approximately one-third of business associates were not aware they need to adhere to the new security and privacy requirements. The survey also revealed that nearly half of all hospitals said they would actually terminate their contracts with their business associates for violations.

As budgets are cut (and corners are cut), will you also be dealing with expensive lawsuits, paying monetary penalties or rebuilding relationships and your reputation?

How are you managing and implementing new HITECH requirements?

About Awareity

Awareity is a privately held organization founded in 2002. Awareity's innovative e-Management solutions empower organizations to 'connect the dots' and offer a unique focus on implementing lessons learned across several critical areas of business – compliance, information assurance, public safety, emergency management, enterprise risk management and reputation management.

Awareity’s solutions are helping organizations across multiple industries - education, financial, government, healthcare and other critical industries – to achieve better results by ensuring lessons learned become lessons implemented and the right information is shared with the right people in the right place at the right time with accountability and auditability at the individual-level. Awareity's solutions simplify complex challenges, reduce current and ongoing costs and improve efficiencies as obligations continue to mount and budgets and resources are limited.

Better Knowledge. Better Decisions. Better Results.
www.awareity.com