Banner
  • Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

HIPAA rules complicate compliance, could up fines

Article

The stakes are even higher for security breaches of health information, according to new rules for the Health Insurance Portability and Accountability Act of 1996.

The stakes are even higher for security breaches of health information, according to new rules for the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

In fact, the U.S. Department of Health and Human Services (HHS) recently unveiled these rules in the Federal Register, which are described as the most sweeping changes to HIPAA since its birth more than 15 years ago. Slated to take effect March 26 and with a compliance deadline of September 23, the rules are thought to make compliance for physicians more difficult while expanding the government’s latitude in levying fines to providers from $100 to $1.5 million.

The move by government regulators within HHS’s Office of Civil Rights (OCR) is focused on protecting and expanding individual rights covered by HIPAA.

The final rule:

  • makes business associates of covered entities directly liable for compliance with certain requirements;

  • strengthens limitations on the use of personal health information for marketing and fundraising purposes;

  • prohibits the sale of a patient’s personal health information without specific individual authorization to do so;

  • expands patients’ rights to request and receive electronic copies of their personal health information; and broadens patients’ ability to restrict, in some instances, disclosure of their personal health information to health insurance plans;

  • requires modification to, and redistribution of, a covered entity’s notice of privacy practices;

  • simplifies reporting requirements of child immunizations to schools;

  • expands the Health Information Technology for Economic and Clinical Health (HITECH) Act to address enforcement due to willful neglect; and

  • adopts changes to increase and tier civil monetary penalties.

OCR Director Leon Rodriguez says the rules “strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a healthcare provider, or one of their business associates.”

The final omnibus rule is based on statutory changes under the HITECH Act and the Genetic Information Nondiscrimination Act of 2008, which clarifies that genetic information is protected under the HIPAA privacy rule and prohibits most health plans from using or disclosing genetic information for underwriting.

Related Videos
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health