Healthcare Daily Digest for 20 February 2013: Getting A Grip on HIPAA Before it Gets a Grip on Your Organization

When looking at headlines to figure out what you should and should not be devoting your staff capital to — the folks at The Lane Report think your best bet might be in strengthening and tightening your HIPAA protocol.

“The Office for Civil Rights (OCR) of the Department of Health and Human Services issued the final rule on Jan. 25 amending the HIPAA privacy, security, enforcement and breach notification requirements. The final rule signals the largest expansion of the HIPAA privacy, security, enforcement and breach notification efforts in at least a decade. Any entity that works with a healthcare provider or a business associate of a healthcare provider must determine whether these changes will also affect their business relationships.”

The things you’ll want to watch for:

1) Breach notification risk assessment requirements have changed
“Previously, a risk of harm threshold was considered in determining whether a breach had occurred. The OCR’s changes in the final rule create almost a presumption of a “breach,” which will seemingly make it more likely that a business will be required to notify those individuals whose personal health information has been affected, HHS and possibly the media.”

2) If you’re a covered entity, you’ll need to update your privacy practices
“Covered entities are required under the HIPAA regulations to review, revise, and redistribute their Notice of Privacy Practices (NPP). The NPP must reflect certain situations where authorizations to use or disclose personal health information are needed, particularly in the case of psychotherapy notes, as well as marketing and sales of personal health information.”

3) Increased enforcement and penalties
“The final rule notes that compliance with these requirements, including revised business associate agreements, should be in place by September 2013. Business associates and covered entities in violation of the regulations could be subject to the statutorily-mandated increases in the civil monetary penalties authorized under the rules. Covered entities and their business associates must take action to make sure they are in compliance with the HIPAA regulations. The past two years have shown evidence of the OCR’s intent to increase auditing and enforcement efforts, not just for large health care entities, but soon, for small covered entities, business associates and their subcontractors.”

Advertisement

Wednesday’s headlines:

  • Wondering Where California’s Money’s Going To?: That would be salaries and healthcare, according to a recent report.
  • This Seems a Bit TOO Obvious: The New York Times suggests we should fix Medicare to save it. “Medicare trustees in their most recent report issued a ‘Medicare funding warning’ again, for the sixth straight year. Yet despite the looming crisis, before lawmakers start cutting benefits, raising premiums or increasing taxes, let’s fix Medicare first and make it worth saving.”

Read it? Love it? Want more of it? Make sure you register on insidePatientFinance.com today for the weekly Patient Finance insider and you won’t miss the ongoing great content from our site!