![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
As data breach reports continue to make headlines and health entities work to implement electronic records, three tools were recently released to help organizations meet compliance requirements and manage breaches.
A healthcare accreditation and education organization has
revisions to its Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Standards based on HIPAA provisions in the American Reinvestment and Recovery Act (ARRA). URAC says editorial changes clarify the standards’ intent—so that organizations can demonstrate sufficient data protection safeguards on health data. Key revisions to the privacy standards, which apply to business associates and covered entities, include requiring organizations to acquire opt-in consent for health data uses for fundraising purposes, rather than HITECH’s opt-out requirement.
Meanwhile, the Healthcare Information and Management Systems Society (HIMSS) has partnered with the Medical Group Management Association to produce an online
. The HIMSS Privacy and Security Toolkit for Small Providers allows users to share best practices and tools. The toolkit has been under consideration for years but was accelerated because of meaningful use incentives for electronic healthcare records, said Lisa Gallagher, senior director of privacy and security at HIMSS, adding that the toolkit is a “roadmap” for practices of all sizes needing “basic information on how to navigate the complex privacy and security laws and understand the security components to meet meaningful use.”
Finally, the Online Trust Alliance (OTA) has released a
on preventing data breaches and tips on incident management. The 2011 Data Breach Incident Readiness Guide addresses such topics as incident response teams, privacy and security audits—to include the cloud and outsourced services—and how to communicate to affected parties in case of a breach. Craig Spiezle, executive director and president of OTA, said business leaders must have a readiness plan or risk facing “increased public scrutiny, regulatory pressures and a tarnished brand reputation.”
