Wednesday, October 16th, 2019 

Key Health IT Related Regulatory Mandates

"Does your organization have the resources required to adapt rapidly to the changes required by the key health IT related regulatory mandates?"
Each initiative below is listed with its description, an assessment of its operational impact, and the compliance deadline in effect at the time of writing.

IT Change Management

HIPAA 5010 ("electronic transaction standards")
  Description: Replaces the HIPAA 4010/4010A1 electronic transaction standards with ASC X12 version 5010, chiefly so that transactions can carry ICD-10 codes. Without the upgrade, providers and health plans cannot transact business electronically.
  Assessment: Pervasive systems upgrade and remediation of existing operating software, hardware, applications, etc. Impact mostly isolated to the IT area.
  Deadline: 01/01/2012

ICD-10 Upgrade ("International Statistical Classification of Diseases and Related Health Problems, 10th Revision")
  Description: Comprehensive overhaul of the medical coding system, the set of codes that translates the written description of a diagnosis into a coded format. The coding system is deeply ingrained in operations and in the technological infrastructure.
  Assessment: Invasive transformation: massive systems upgrades and remediation of existing software and business processes, including payments, claims adjustment, and actuarial.
  Deadline: 10/01/2013

IT Security and Privacy Management

HITECH Act
  Description: Extends the scope of the Privacy and Security Rules of the Health Insurance Portability and Accountability Act ("HIPAA") and imposes breach notification requirements.
  Assessment: HIPAA established a comprehensive regulatory framework of Privacy and Security Rules. HITECH expands their scope (notably to business associates), adds breach notification requirements, and imposes more stringent penalties.
  Deadline: 02/17/2010

Gramm-Leach-Bliley Act ("GLBA")
  Description: The Financial Privacy Rule and the Safeguards Rule are established under the GLBA. The rules require complex administrative, technical, and physical information safeguards.
  Assessment: Compliance and ongoing risk management are challenging.
  Deadline: Already in effect

Massachusetts Data Security Regulations (201 CMR 17.00)
  Description: Imposes detailed administrative and technical obligations on any business handling personal information of Massachusetts residents, regardless of where the business is located.
  Assessment: Companies must decide whether to apply the rules across the whole business or carve out and apply them to Massachusetts residents' data only.
  Deadline: 03/01/2010

Red Flags Rules
  Description: The FTC requires covered companies (financial institutions and creditors holding covered accounts) to have a written identity theft prevention program containing "red flag" policies to detect potential fraud and to prevent or mitigate the effects of identity theft.
  Assessment: Companies must define and document their policies and identify the red flags relevant to their accounts. The program must be updated periodically and reported on annually to the board or senior management.
  Deadline: 12/31/2010
© 2006-2019 HRMSI - Key Health IT Related Regulatory Mandates