| Initiative | Description | Assessment | Deadline |
| --- | --- | --- | --- |
| IT Change Management | | | |
| HIPAA 5010 (“electronic transaction standards”) | Modifies the HIPAA 4010 transaction standards, primarily for the ICD-10 upgrade. Without the upgrade, providers and health plans cannot transact business electronically. | Pervasive systems upgrade and remediation of existing operating software, hardware, applications, etc. Impact mostly isolated to the IT area. | 01/01/2012 |
| ICD-10 Upgrade (“International Classifications of Diseases and Related Problems Version 10”) | Comprehensive overhaul of the medical coding system, the set of codes that translates written descriptions of a diagnosis into a coded format. The coding system is deeply ingrained in operations and the technological infrastructure. | Invasive transformation: massive systems upgrades and remediation of existing software and business processes, including payments, claims adjustment, and actuarial. | 10/01/2013 |
| IT Security and Privacy Mgt | | | |
| HITECH Act | Extends the scope of the privacy and security rules of the Health Insurance Portability and Accountability Act (“HIPAA”) and imposes breach notification requirements. | HIPAA established a comprehensive regulatory framework of Privacy and Security Rules. HITECH expands the scope and adds breach notification requirements and more stringent penalties. | 2/17/2010 |
| Gramm-Leach-Bliley (“GLB Act”) | Financial Privacy Rules and Safeguard Rules are established under the GLBA. | The rules have complex administrative, technical and physical information safeguards. Compliance and managing risks are challenging. | Effective |
| Massachusetts Data Security Regulations | Imposes detailed administrative and technical obligations on any business handling personal information of Massachusetts residents. | Companies need to either apply the rules to all business or carve out Massachusetts residents and apply the rules to them only. | 3/01/2010 |
| Red Flag Rules | The FTC requires companies to have written identity theft prevention and notification programs containing “red flag” policies to detect potential fraud, in order to prevent or mitigate the effects of identity theft. | Companies need to define and document their policies and identify red flags. The policies and procedures must be updated annually. | 12/31/2010 |