The U.S. Department of Health and Human Services (HHS) issued a final rule implementing changes to the Health Information Portability and Accountability Act (HIPAA), including a requirement for physicians to update their patient Notice of Privacy Practices. View copy of the rule.
On this page:
NEW! Does Running Windows XP Violate HIPAA Privacy Rules? — Jeffery Daigrepont, Senior VP, Coker Group
HIPAA Compliance Essentials: What You Need to Know to Prepare for an Audit — Recorded Webinar
The federal government has stepped up enforcement of HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Find out if your practice meets HIPAA requirements for privacy, security and breach notification with this webinar. Expert instructors will show you what you need to know to evaluate your risk of noncompliance and identify areas to improve. Register today to learn how to be proactive and better prepared for a HIPAA audit or investigation. Compared to the cost of fines and civil penalties for noncompliance, audit prevention costs far less.
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued two reports to Congress last week (June 2014). These reports provide information about breaches of protected health information and violations of the HIPAA privacy and security rules. Additionally, these reports provide examples to Academy and AAOE members of things to be aware of and the importance of compliance with HIPAA rules.
According to the reports, 115 HIPAA audits continue to show deficiencies with regard to the privacy, security and breach notification rules because covered entities are unaware of the requirements. OCR plans to integrate the next round of audits into its program during 2014 and is updating protocols and new requirements. Covered entities and business associates can use the updated protocol, which will be posted to the OCR website, for their own internal compliance assessments.
What must be updated or developed by Sept. 21, 2013?
The Office for Civil Rights (OCR) of the Department of Health and Human Services added a planning resource to its website to assist law enforcement and emergency planners when addressing information sharing situations where the HIPAA Privacy Rule may be at issue. The HIPAA Guide for Law Enforcement describes the HIPAA Privacy Rule and identifies entities that are and are not required to comply. The guide also outlines several disclosure permissions that allow the disclosure of health information to law enforcement in common law enforcement situations, such as during an emergency response. OCR worked with the HHS Assistant Secretary for Preparedness and Response and the Federal Bureau of Investigation to develop the guide. You may access the new materials here.
On Sept. 19, the HHS Office for Civil Rights (OCR) issued guidance on how the changes to the HIPAA Privacy Rule’s marketing provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act and Omnibus Rule apply to refill reminders and other communications about drugs or biologics currently being prescribed for individuals. The new Fact Sheet and corresponding Frequently Asked Questions (FAQs) explain how the refill reminder exception to the marketing rule works, and address both the scope of communications that fall within the exception, as well as the types of third party payments that are considered “reasonable” under the statute and regulations for making such communications. In addition, the Secretary has decided, as an exercise of her discretion, not to enforce the restrictions on remunerated refill reminders and other communications about drugs and biologics for a period of 45 days following the Sept. 23, 2013, compliance date, or until Nov. 7, 2013.
Also released are new fact sheets and FAQs that provide guidance on the Omnibus Rule changes to how the HIPAA Privacy Rule applies to decedent information and disclosures of proof of student immunizations to schools.
You can access the new guidance materials at http://www.hhs.gov/ocr/hipaa/.
The HIPAA Privacy Rule gives individuals a right to be informed of the privacy practices of health plans and health care providers and of their privacy rights regarding their personal health information. Health plans and covered health care providers (covered entities) are required by HIPAA to develop and distribute a notice that provides a clear, user-friendly explanation of these rights and practices.
The model Notices of Privacy Practices, released on Sept. 16 by the ONC and the HHS Office for Civil Rights (OCR), can help providers and plans by
NEW! Business Associate Agreement Template [DOC 79K] — AAOE member login required.