NMU's Compliance Database - Northern Michigan University
Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
| Reviewed By | Internal Auditor Owner |
| URL: | https://www.hipaajournal.com/what-is-the-hitech-act/ |
| Regulation Reference Cite | Public Law No. 111-5: 45 C.F.R. § 160; 45 C.F.R. § 164 |
| Report Due Date (Actual) | N/A |
| Level | Requirement |
| Oversight Unit | INFORMATION TECHNOLOGY-TECHNICAL SERVICES |
| Person Responsible | Jerome Anderson |
| Secondary Person Responsible | David Maki |
| President / VP Level | Finance |
| Description |
HITECH broadens HIPAA by extending coverage to business associates. Covered providers must implement administrative/physical/technical safeguards for Protected Health Information (PHI). Section 13402 of HITECH requires that covered entities notify affected individuals and the Secretary of the DHHS and, in some cases, the media following the discovery of a breach of unsecured PHI. Unsecured PHI is PHI that is not secured via technologies and methodologies, as defined by DHHS guidance, that make the PHI unusable, unreadable, or indecipherable to unauthorized individuals. |
| Contacts and Data Sources |
| Jerome Anderson and Dave Maki |