Health knowledge made personal
Join this community!
› Share page:
Search posts:

HITECH Act Summary: HIPAA § 164.520 Notice of privacy practices for PHI

Posted Jul 29 2009 11:06pm

Computer Part of the HITECH Act's " meaningful use" criteria requires providers to engage with patients and families. Clearly regulators anticipate that this engagement will take place online via some kind of Web 2.0 patient portal/website. That helps answer the now rhetorical question of "why would a provider want an Internet presence?"

Prior to the HITECH Act that question would likely have been answered as follows:

One answer is that more and more patients expect it and are seeking access to more information about their health conditions online. Another reason is that in the new healthcare universe ( Health 2.0 ) providers will need to compete fiercely for patients by differentiating themselves from the competition. A high quality online presence is likely to become, sooner rather than later, a matter of economic survival. First movers will have an advantage in their respective geographies.

Now the value proposition under HITECH is much more direct. Providers need to develop an Internet presence because they want to get paid their EHR incentives.

That brings me to the point of this post, something that very few healthcare providers are aware of: section 164.520(c)(3) of HIPAA's Privacy Rule states as follows (paraphrasing):

Specific requirements for electronic notice. A covered entity (CE) that maintains a website must make the notice prominently available on its website. A CE may provide notice via email if the individual has agreed to such notice and other requirements of this section are met.

This is not your daddy's heathcare industry anymore. Welcome to HITECH.

Post a comment
Write a comment: