10. Springhill must amend business associate agreements to incorporate expanded privacy and security rule obligations. EXPANDED OBLIGATIONS
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21. August 2009 : Breach notification provisions and PHI breach notification February 2010 : Business Associates and Marketing; Employees of covered entities may have independent criminal liability August 2010 : Minimum Necessary and Prohibition on sale of electronic health records/PHRs. January 2011 : Accounting for Disclosures February 2011 : Enforcement for ‘ willful neglect’
22.
23. Health Information Technology American Recovery and Reinvestment Act (Recovery Act) Implementation Plan Office of the National Coordinator for Health Information Technology Funding Table Total Appropriated (Dollars in Millions) Privacy and Security* $ 24.285 National Institute of Standards and Technology (NIST) 20.000 Regional HIT Exchange 300.000 Unspecified 1,655.715 Total, Health Information Technology $ 2,000.000 *Note: This dollar figure, $24,285,000, includes an estimated $9.5 million for audits by the Office for Civil Rights and the Centers for Medicare & Medicaid Services.