Expanded HIPAA Requirements May Affect Your Business
On Jan. 25, the Office for Civil Rights (OCR) of the Department of Health and Human Services issued the final rule amending the HIPAA privacy, security, enforcement and breach notification requirements. The rule marks the largest expansion of the HIPAA privacy, security, enforcement and breach notification efforts in at least a decade.
Bingham Greenebaum Doll LLP attorneys Michelle Browning Coughlin, Alan J. Dansker and Daniel E. Fisher cover the new amendments to HIPAA and what they entail in a recent article featured on The Lane Report website.
Among the changes, HIPAA has expanded its reach to business associations, which proves to be the most challenging part of the final rule for compliance. Any business working with healthcare providers is now directly responsible under HIPAA for the implementation of privacy and security measures to protect personal health information.
The article explains that, in addition, the final rule requires covered entities under the HIPAA regulations to review, revise and redistribute their Notice of Privacy Practices (NPP). The NPP must include a notice regarding a patient’s right to opt out of certain fundraising and a right to prevent certain information from being shared with the patient’s health plan when the patient pays out of pocket.
Other amendments of the final rule alter the breach notification risk assessment requirements, and include various changes to the research authorization, marketing, fundraising and sale of personal health information requirements. The final rule notes that compliance with the new requirements should be in place by September 2013. Noncompliance with the new requirements could result in civil and even criminal penalties.