This article is part of Medical Economics' series "Making sense of government regulations."
If you haven’t done so already, consider circling September 23, 2013 on your calendar. That’s the day that the federal government will start enforcing changes to the Health Insurance Portability and Accountability Act (HIPAA). The changes affect everything from how you secure your patients’ protected health information to the contracts you sign with vendors to what you need to tell patients about their privacy rights. Although the new regulations officially took effect in March, physicians and other entities covered by HIPAA were given 6 months to comply. The U.S. Department of Health and Human Services, which developed the regulations, says the updates are needed to account for the widespread use of electronic health records and other changes in health information technology that have occurred since HIPAA was enacted in 1996.
Compliance with the updated regulations requires medical practices to:
The penalty for unauthorized disclosure of PHI consists of fines that range from $100 to $50,000, depending on the circumstances of the disclosure and the size of the practice.
The new regulations also:
The regulations will be enforced by the Office of Civil Rights, part of the U.S. Department of Justice. More information about the updated HIPAA regulations is available at www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/index.html.
To get ready, experts say, conduct a thorough evaluation of your practice operations to make certain you remain in compliance for data security, privacy, and reporting of breaches.