Proposed EHNAC HITECH Criteria
EHNAC has developed draft criteria reflecting new rules and regulations generated from the American Recovery and Reinvestment Act (ARRA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law by President Obama in February 2009. This legislation amends existing rules and regulations and provides new HIPAA standards to strengthen security and privacy protections. The HITECH Act contains privacy and security provisions applicable to covered entities and their third-party business associates. Perhaps most significantly, the new law increases the legal obligations of business associates and makes them directly subject to the requirements of HIPAA.
Because of this legislation, organizations that handle or manage PHI are subject to an expanded range of rules and regulations surrounding data privacy and security. Therefore EHNAC has taken the initiative to include key provisions of ARRA and HITECH and developed the draft criteria to enhance its requirements for all of its accreditation programs, where applicable. Additional guidance is forthcoming during first quarter of 2010 for this legislation and EHNAC is awaiting those revisions to finalize the draft criteria before making it available for public comment and review and incorporation into its programs. The draft criteria available should be used as guidance for those organizations currently engaged in the accreditation process and for those considering applying for the process.
In an effort to more closely align with key provisions of the federal legislation, including the American Recovery and Reinvestment Act (ARRA) of 2009, and the Health Information Technology for Economic and Clinical Health (HITECH) Act, EHNAC developed these documents to outline the synergies and gaps within existing EHNAC program criteria.