|
|
 | | | |
- close
- close
- close
- close
These excerpts taken from the WBMD 10-K filed Feb 27, 2009. HIPAA
Privacy Standards and Security Standards
The Privacy Standards and Security Standards under the Health
Insurance Portability and Accountability Act of 1996 (or HIPAA)
establish a set of national privacy and security standards for
the protection of individually identifiable health information
by health plans, healthcare clearinghouses and healthcare
providers (sometimes referred to as “covered entities”
for purposes of HIPAA). The Privacy Standards and Security
Standards do not currently apply directly to our businesses.
However, the American Recovery and Reinvestment Act of 2009
(“ARRA”) enhances and strengthens the HIPAA Privacy
and Security Standards and makes certain provisions applicable
to those portions of our business, such as those managing
employee or plan member health information for employers or
health plans, that are “business associates” of
covered entities. Currently, we are bound by certain contracts
and agreements with covered entities that require us to use and
disclose protected health information in a manner consistent
with the Privacy Standards and Security Standards in providing
services to those covered entities. Beginning on
February 17, 2010, some provisions of the HIPAA Privacy and
Security rules will apply directly to us. In addition, ARRA
imposes data breach notification requirements on vendors of
Personal Health Records that will require us to notify affected
individuals and the Federal Trade Commission in the event of a
data breach involving the unsecured personal information of our
users. These new Privacy and Security provisions will require us
to incur additional costs and may restrict our business
operations. In addition, these new provisions will result in
additional regulations and guidance issued by HHS and will be
subject to interpretation by various courts and other
governmental authorities, thus creating potentially complex
compliance issues for us and our customers and strategic
partners.
Currently, only covered entities are directly subject to
potential civil and criminal liability under the Privacy
Standards and Security Standards. However, depending on the
facts and circumstances, we could be
Table of Contents
subject to criminal liability for aiding and abetting or
conspiring with a covered entity to violate those Standards. As
of February 17, 2010, we will be directly subject to
HIPAA’s criminal and civil penalties.
HIPAA Privacy Standards and Security Standards The Privacy Standards and Security Standards under the Health Insurance Portability and Accountability Act of 1996 (or HIPAA) establish a set of national privacy and security standards for the protection of individually identifiable health information by health plans, healthcare clearinghouses and healthcare providers (sometimes referred to as “covered entities” for purposes of HIPAA). The Privacy Standards and Security Standards do not currently apply directly to our businesses. However, the American Recovery and Reinvestment Act of 2009 (“ARRA”) enhances and strengthens the HIPAA Privacy and Security Standards and makes certain provisions applicable to those portions of our business, such as those managing employee or plan member health information for employers or health plans, that are “business associates” of covered entities. Currently, we are bound by certain contracts and agreements with covered entities that require us to use and disclose protected health information in a manner consistent with the Privacy Standards and Security Standards in providing services to those covered entities. Beginning on February 17, 2010, some provisions of the HIPAA Privacy and Security rules will apply directly to us. In addition, ARRA imposes data breach notification requirements on vendors of Personal Health Records that will require us to notify affected individuals and the Federal Trade Commission in the event of a data breach involving the unsecured personal information of our users. These new Privacy and Security provisions will require us to incur additional costs and may restrict our business operations. In addition, these new provisions will result in additional regulations and guidance issued by HHS and will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our customers and strategic partners. Currently, only covered entities are directly subject to potential civil and criminal liability under the Privacy Standards and Security Standards. However, depending on the facts and circumstances, we could be
Table of Contentssubject to criminal liability for aiding and abetting or conspiring with a covered entity to violate those Standards. As of February 17, 2010, we will be directly subject to HIPAA’s criminal and civil penalties. | EXCERPTS ON THIS PAGE:
|
| |||||||
