Healthcare Daily Digest for 20 February 2013: Getting A Grip on HIPAA Before it Gets a Grip on Your Organization

  • Email
  • Print
  • Printing Articles

    1. Click here to print!
    2. ...or print directly from your browser by choosing File > Print... from the menu or by pressing [Ctrl + P]. Our printer-friendly stylesheet will make sure extraneous website stuff isn't printed.
    3. You're done!

    Close this message.

  • Comments
  • RSS

When looking at headlines to figure out what you should and should not be devoting your staff capital to — the folks at The Lane Report think your best bet might be in strengthening and tightening your HIPAA protocol.

“The Office for Civil Rights (OCR) of the Department of Health and Human Services issued the final rule on Jan. 25 amending the HIPAA privacy, security, enforcement and breach notification requirements. The final rule signals the largest expansion of the HIPAA privacy, security, enforcement and breach notification efforts in at least a decade. Any entity that works with a healthcare provider or a business associate of a healthcare provider must determine whether these changes will also affect their business relationships.”

The things you’ll want to watch for:

1) Breach notification risk assessment requirements have changed
“Previously, a risk of harm threshold was considered in determining whether a breach had occurred. The OCR’s changes in the final rule create almost a presumption of a “breach,” which will seemingly make it more likely that a business will be required to notify those individuals whose personal health information has been affected, HHS and possibly the media.”

2) If you’re a covered entity, you’ll need to update your privacy practices
“Covered entities are required under the HIPAA regulations to review, revise, and redistribute their Notice of Privacy Practices (NPP). The NPP must reflect certain situations where authorizations to use or disclose personal health information are needed, particularly in the case of psychotherapy notes, as well as marketing and sales of personal health information.”

3) Increased enforcement and penalties
“The final rule notes that compliance with these requirements, including revised business associate agreements, should be in place by September 2013. Business associates and covered entities in violation of the regulations could be subject to the statutorily-mandated increases in the civil monetary penalties authorized under the rules. Covered entities and their business associates must take action to make sure they are in compliance with the HIPAA regulations. The past two years have shown evidence of the OCR’s intent to increase auditing and enforcement efforts, not just for large health care entities, but soon, for small covered entities, business associates and their subcontractors.”

Wednesday’s headlines:

  • Wondering Where California’s Money’s Going To?: That would be salaries and healthcare, according to a recent report.
  • This Seems a Bit TOO Obvious: The New York Times suggests we should fix Medicare to save it. “Medicare trustees in their most recent report issued a ‘Medicare funding warning’ again, for the sixth straight year. Yet despite the looming crisis, before lawmakers start cutting benefits, raising premiums or increasing taxes, let’s fix Medicare first and make it worth saving.”
  • Email
  • Print
  • Printing Articles

    1. Click here to print!
    2. ...or print directly from your browser by choosing File > Print... from the menu or by pressing [Ctrl + P]. Our printer-friendly stylesheet will make sure extraneous website stuff isn't printed.
    3. You're done!

    Close this message.

  • Comments
  • RSS

Posted in Medical Receivables, Patient Financial Services .

×
Subscribe to never miss important news and resources from insideARM.com:

Continuing the Discussion

We welcome and encourage readers to comment and engage in substantive exchanges over topics on insideARM.com. Users must always follow our Terms of Use. Also know that your comment will be deleted if you: use profanity, engage in any kind of hate speech, post an incoherent or irrelevant thought, make a point of targeting anyone, or do anything else we find unsavory. Your comment will be posted under your current Display Name, shown below. If you'd like to change your Display Name, you must update it on the My Profile page.

Leave a Reply