The new Omnibus Update to the HIPAA regulations is now in effect and fully enforceable, containing numerous changes based, for the most part, on the HITECH Act passed in 2009. The amendments require changes in several areas of operation, including health information management, marketing, fundraising, breach notification and security, and many of the changes will require significant effort to implement.
Some of the most significant changes for medical offices have to do with changes to individual rights under HIPAA that require changes in policies and procedures and must be listed in an entity’s HIPAA Notice of Privacy Practices. All HIPAA-covered healthcare providers must update the way they deal with certain patient requests, or face stiff penalties. And all HIPAA Covered Entities that currently provide a Notice of Privacy Practices must update their NPPs to reflect the changes in individual rights because violations are subject to enforcement that can include fines up to $50,000 per day. Changes to policies and notices will be necessary in areas of patient access to records, restrictions of disclosures, marketing, fundraising, breach notification, and more.
Included are new requirements for the Notice of Privacy Practices to include notice of fundraising activity and an opportunity to opt out, new requirements for individuals to provide authorization for the sale of PHI, new rights of access to electronic records, new rights to restrict certain disclosures, and rights of notice in the event of a breach.
Reimbursed marketing activity that may have been permissible without authorization from the individual under the old rules used to require notice in the NPP. Now all such marketing activity paid for, above costs, by a third party wishing to promote a product or service will require authorization. The Breach Notification Rule has been significantly modified, discarding the “harm standard” used to determine if a breach was reportable, and replacing it with a risk assessment process to determine if there is a “low probability of compromise” of the information.
The changes are numerous and many are subtle. In this audio session, Jim Sheldon-Dean will review the new regulations and discuss their effects on HIPAA policies. He will describe the new rights that must be added into your policies and Notice of Privacy Practices, and identify the places where current rights need to be modified.
The work that must be done for updating HIPAA compliance for medical offices will be outlined by Jim, with a to-do list of activities that must be undertaken to ensure compliance, and identification of additional resources and templates. With the far-reaching changes in the rules and the new audits, enforcement, and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.
Topics covered in the session:
Who should attend: Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO, Privacy Officer, Information Security Officer
Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...