ANX Corporate Blog: Posts tagged as regulations
Jul 28th 2011, 15:49
HITECH Privacy and Security Regulations Update
While the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 is over two years old, most people do not realize that many of its requirements are not fully in place yet, specifically the data security and privacy requirements.
Originally, many of HITECH's requirements around privacy and security were supposed to be effective on February 17, 2010. HHS has stated that the expected date of compliance and enforcement of these new requirements, except for the data breach rules, will be delayed until a period after the issuance of the final rules, which are not out yet. Recently, the HHS announced that the final rules implementing HITECH's changes to privacy, security, and data breach notification will be issued together sometime this year,
Jul 28th 2011, 15:48
HITECH Accounting of Disclosures Rule
Section 13405(c) of the HITECH Act establishes a new right for patients to receive an accounting of who accessed their PHI.
HHS released a Notice of Proposed Rulemaking (NPRM) relating to this new right that expands on the text of the law and has a significant impact on covered entities and business associates.
The new proposal creates the right for a patient to obtain a report of all uses and disclosures of their PHI. Since the HIPAA Security Rule requires audit logging, there is a presumption that this data is already collected. There is substantial disagreement as to whether the Security Rule actually requires all the logging that would be necessary to meet this new reporting requirement, and it is doubtful that most companies could easily accommodate such a request. Essentially, this
Jul 28th 2011, 15:44
Canada's Anti-Spam Law
In December 2010, Canada passed federal anti-spam legislation, after being the only G8 country not to have such a law. It was Bill C-28, formerly known as the Fighting Internet and Wireless Spam Act (FISA). That name was dropped, and the law now goes by a variety of names, including Canada's Online Protection Legislation (COPL).
This gives Canada the strictest such law in the world and will have dramatic effects on businesses operating in Canada. Unlike the US, where CAN-SPAM covers only email, this law covers any electronic message, which is defined as "a message sent by any means of telecommunication, including a text, sound, voice or image message." So this would encompass all unsolicited email, text messages, tweets, and instant messages sent to a business person. It does not