The U.S. Department of Health and Human Services (HHS) issued a final rule implementing changes to the Health Information Portability and Accountability Act (HIPAA), including a requirement for physicians to update their patient Notice of Privacy Practices. View copy of the rule.
On this page:
What must be updated or developed by Sept. 21, 2013?
The Office for Civil Rights (OCR) of the Department of Health and Human Services added a planning resource to its website to assist law enforcement and emergency planners when addressing information sharing situations where the HIPAA Privacy Rule may be at issue. The HIPAA Guide for Law Enforcement describes the HIPAA Privacy Rule and identifies entities that are and are not required to comply. The guide also outlines several disclosure permissions that allow the disclosure of health information to law enforcement in common law enforcement situations, such as during an emergency response. OCR worked with the HHS Assistant Secretary for Preparedness and Response and the Federal Bureau of Investigation to develop the guide. You may access the new materials here.
On Sept. 19, the HHS Office for Civil Rights (OCR) issued guidance on how the changes to the HIPAA Privacy Rule’s marketing provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act and Omnibus Rule apply to refill reminders and other communications about drugs or biologics currently being prescribed for individuals. The new Fact Sheet and corresponding Frequently Asked Questions (FAQs) explain how the refill reminder exception to the marketing rule works, and address both the scope of communications that fall within the exception, as well as the types of third party payments that are considered “reasonable” under the statute and regulations for making such communications. In addition, the Secretary has decided, as an exercise of her discretion, not to enforce the restrictions on remunerated refill reminders and other communications about drugs and biologics for a period of 45 days following the Sept. 23, 2013, compliance date, or until Nov. 7, 2013.
Also released are new fact sheets and FAQs that provide guidance on the Omnibus Rule changes to how the HIPAA Privacy Rule applies to decedent information and disclosures of proof of student immunizations to schools.
You can access the new guidance materials at http://www.hhs.gov/ocr/hipaa/.
The HIPAA Privacy Rule gives individuals a right to be informed of the privacy practices of health plans and health care providers and of their privacy rights regarding their personal health information. Health plans and covered health care providers (covered entities) are required by HIPAA to develop and distribute a notice that provides a clear, user-friendly explanation of these rights and practices.
The model Notices of Privacy Practices, released on Sept. 16 by the ONC and the HHS Office for Civil Rights (OCR), can help providers and plans by
NEW! Business Associate Agreement Template [DOC 79K] — AAOE member login required.