Association Viewpoint

The Latest Industry Compliance Minefield: HITECH/HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is not new. 

Members of PRISM International have been sifting through the information and  misinformation related to the Privacy Rule since 1999.

The Security Rule surfaced a few years afterward, and those engaged in providing information management services to organizations considered covered entities (CEs) under the law aligned their policies and procedures, trained their employees and offered their business associate agreement to CEs that did not insist on using their own versions. HIPAA prior to the passage of the HITECH (Health Information Technology for Economic and Clinical Health) Act in 2009 was a tiny little garter snake; it was essentially harmless, even if it occasionally inspired fear in those who did not understand its purpose and nature. However, with the passage of HITECH, the industry now faces a king cobra capable of completely destroying a business that does not respond appropriately and prepare adequately to service CEs.

Because of the sudden danger posed by changes to HIPAA, PRISM International is preparing a response to assist its members in clarifying their obligations and responsibilities related to HIPAA. If PRISM is successful, this would provide tremendous relief for paper file storage companies who deal only with sealed cartons and also would assist most other information management service providers in responding to clients who may be “piling on” additional contract provisions under the guise of HIPAA compliance.

At its May meeting, which was held in conjunction with the 30th anniversary of the PRISM International Conference, the PRISM International board of directors reviewed and approved this campaign for use. At that point, all members and non-members of PRISM International who operate in the United States were asked to participate. A packet of materials was distributed along with suggestions for involvement.

HIPAA is a well-established public law and, as such, making any type of change will be difficult, time and resource intensive and require the cooperation of all members of the industry. If your company is not a member of PRISM International, it is extremely important that you join PRISM International to assist with this campaign. Prospective members of the organization are encouraged to contact PRISM International Executive Director Jim Booth at jim@prismintl.org if they are willing to become involved in this association campaign.

Even though the industry is small, if we work together, we may be able to create a better environment for all information management companies in the United States. n

The author is executive director of PRISM International, Garner, N.C., and can be contacted at jim@prismintl.org.