Tuesday, January 12, 2010

HIPAA and HITECH

If you feel that the way HIPAA is audited is changing, or that the rules are changing as we speak, the answer is: you are right!

HIPAA and HITECH have rolling changes that you should be aware of.

These are a few points that you should ask your legal department about.

Fines have increased, and they fund the auditing of HIPAA compliance. Be aware and be ready. Here are a few points that I have picked up through my reading. You have about a month to prepare for these.

By February 17, 2010
• HITECH Act’s restrictions on marketing and fundraising take effect.
• Deadline for the HHS secretary to issue guidance on how covered entities must comply with “de-identification” of PHI, or limits that apply when CEs use patients’ information for research purposes.
• HHS (& FTC) study on privacy and security requirements for PHR vendors and applications.
• GAO study on best practices for disclosures for treatment (and use of electronic informed consent).
• First annual report on HIPAA enforcement.
• First annual guidance on the most effective and appropriate technical safeguards for health information.
• HHS study on de-identification.
• HHS implements health information privacy educational initiative.

Effective February 17, 2010
• Application of rules to, and accountability for, business associates.
• Clarification of which entities are required to be business associates (although arguably already accomplished for most RHIOs & HIEs through HIPAA guidance issued by HHS in December 2008).
• Right to restrict disclosures to health plans.
• Deeming of limited data set as satisfying minimum necessary standard.
• Right of electronic access/electronic copy.
• Clarification of marketing provisions.
• Opt-out for fundraising communications (although current HIPAA Privacy Rule provisions remain in effect).
• Clarification of ability to impose criminal penalties against individuals.
• Civil monetary penalties and settlements flowing to OCR for enforcement.
• Requirement for Secretary to periodically audit entities covered by HIPAA.

As I said before, please get the advice of your legal department. You may be exposed.

If you would like to read more about some of these rolling changes see our link.