The Health Insurance Portability and Accountability Act of 1996, also known as HIPAA to anyone in the healthcare field, received an update this past week with the release of a new 536-page ‘HIPAA omnibus final rule.’ The momentous update clarifies patients’ rights as they pertain to health information. It also increases penalties and ultimately updates an outdated Act for a modernized, digital world. Let’s take a look at the main provisions in the 2013 update:
For Patients…
The greatest change in the HIPPA omnibus final rule comes for patients, and increases their instant access to their own digital health records. In the past, an ‘individual (was) entitled to receive a copy in the form or format requested if readily producible.’ However, if the physician did not use digital formatting, you got a hard copy and that was the end of it, if you could get that hard copy.
With the HIPAA update, patients can now request electronic health records, and they’ll get them. In addition to the health records update, patients paying with cash for medical treatment can ask that the treatment or procedure NOT be shared with their health plan.
For Providers and ‘Business Associates’…
- A change that makes business associates and their subcontractors liable for breaches of personal health information
- An enhanced right for patients to obtain electronic copies of their records
- An enhanced right for individuals to request restrictions regarding disclosure of their PHI
- A change to the breach notification rule in which any disclosure of PHI is presumed to be a breach
1 – Previously, only business and contractors who “signed a business associate agreement with a covered entity” were held liable should there be a breach of security. With the new HIPAA regulations, several new entities are considered ‘business associates’ and thus are responsible for following HIPAA regulations in accountability for the privacy and security of personal health information.
2 – As talked about above, patients now have the right to request and receive digital copies of their health information on-demand. They also have the right to request that personal health information be sent to any designated entity, including other doctors, caregivers, or online personal health apps. Once the patient receives their electronic medical records, it is their right to share those records with whomever they choose, and the ultimate accountability lies in their hands.
3 – This is a provision that requires providers to stay ‘hush, hush’ regarding a treatment or procedure if the patient pays in full, in cash, and requests the information remain secret from their insurance company.
4 – This is probably the most substantial change to the HIPPA omnibus final rule, stating that ‘any unauthorized acquisition, access, use, or disclosure of personal health information automatically will be presumed a breach until a provider or covered entity can show, via a risk assessment, that the likelihood of such PHI being compromised is low.’
The HIPPA omnibus final rule is exceedingly important to understand as both a healthcare marketing firm as well as medical provider, and even as a patient. The experienced team at Quaintise will sit down with you to discuss these new updates. With our Quaintise legal team, combined with our healthcare marketing professionals, understanding and adhering to the new HIPAA regulations is our responsibility.
For more information, visit the official U.S. Department of Health & Human Services press release, or The HIPAA Regulations Section-By-Section Updated to Include the January 2013 Amendments
"by Kandice Linwright" at Google+