The HIT Policy Committee’s new Privacy and Security Tiger Team workgroup is striving to establish the requirements that intermediaries in personal health information (PHI) message transactions will be subject to. Under HIPAA, parties which have access to PHI are deemed covered entities (CEs), required to establish business associate agreements (BAAs) which obligate them to handle the data in certain ways. With the rise of health information exchange under the HITECH Act, the Office of the National Coordinator created the Tiger Team to provide it with guidance in governing health information organizations (HIOs) — or third-party intermediaries which have varying degrees of involvement with the messages.
The HIT Standards Committee — a federal advisory body created to guide the Office of the National Coordinator (ONC) for Health Information Technology in its implementation of the HITECH Act — spent the initial part of its monthly meeting this week struggling with issues of communication, structure and capacity. One reason for that struggle with […]