« Free medical Spanish... | Main | Get the 2010 immuniz... »

Friday, February 12, 2010

Three new HIPAA rules take effect this month

Over the next two weeks, three significant HIPAA changes mandated by the Health Information Technology for Economic and Clinical Health Act will take effect. Is your practice ready?

Beginning Feb. 17, your practice's "business associates" (i.e., any organization to which your practice submits electronic patient information) must comply with the HIPAA security rule, and your agreements with these entities must be amended to reflect their new obligations. Your agreements should outline the responsibilities of each party in the event of a breach, including how long the business associate has to report a breach to your practice once it has been discovered and who will cover the costs of notifying patients about a breach.

Beginning Feb. 18, if a patient is paying in full out of pocket for health care services, he or she may request that your practice not disclose his or her medical information to a health plan or other entity, including state pharmacy registries. You must comply with these requests.

Beginning Feb. 22, enforcement of the Breach Notification Rule goes into effect. The rule requires HIPAA-covered entities (e.g., physicians, hospitals and health plans) and their business associates to notify patients of breaches of their health information. For breaches involving 500 people or less, you must provide written notice to each affected individual, describing the nature of the breach, the type of patient information disclosed, steps they can take to protect themselves and steps your practice is taking to remedy the situation. If the breach affects more than 500 individuals, you must notify prominent media outlets in the area and must immediately report the incident to the Department of Health and Human Services.

« Free medical Spanish... | Main | Get the 2010 immuniz... »

Comments:

You must be logged in to view or post comments. Login

Want to use this article elsewhere? Get Permissions