HIPAA GETS AN UPDATE: What You Need to Know Now
SOURCE: ACA News ~ November 2013
By Julie Lenhardt, Sr. Director, Insurance Advocacy
POP QUIZ: Do you know why Sept. 23, 2013, was significant for covered entities?
It’s because Sept. 23 was the date by which covered entities must be compliant with the new portions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that were added when the omnibus rule was finalized in January. What do you need to do in order to be compliant? ACA will help you answer that question and will provide you with the resources you need to be compliant.
The following steps are recommended, at a minimum. These suggestions do not take into consideration state provisions that may be more stringent than the federal regulations. Guidance should always be sought from your attorney, and your malpractice carrier may also offer some assistance.
(Note: If you are not sure you are a covered entity, you may check the Centers for Medicare and Medicaid Services website.)
STEP 1: Update your clinic’s Notice of Privacy Practices (NPP)
The Omnibus Rule made several changes to how and when providers must get patient authorization to release Protected Health Information (PHI). The changes need to be reflected in a covered entity’s NPP.
(Note: Existing patients do not need to be provided with a copy of the new NPP: only patients new to the practice must receive it. However, a copy of the updated NPP must be prominently displayed and must be provided to existing patients if they request it.)
After the NPP is updated, provide it to all new patients seen on or after Sept. 23, 2013, and post the new NPP prominently for all existing patients to read.
(See ACA sample at www.acatoday.org/HIPAA)
STEP 2: Update your clinic’s Authorization Forms to Release PHI