2014-08-08 13:55:31 -
• The HIPAA regulations define the relationship between providers and patients and provide certain rights to patients. Patients have various rights of access, amendment, restriction of disclosures, accounting of disclosures, limitations on marketing and fundraising, privacy, and security. The rights of individuals and the HIPAA Privacy Officer's obligation to provide those rights will be discussed.
• In addition, new changes modifying the HIPAA Regulations have gone into place to meet the requirements within the HIPAA Omnibus Update Rule implementing the HITECH Act in the American Recovery and Reinvestment Act of 2009.
• Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules. Electronic records have new demands placed on them, in both providing access and in restricting some disclosures of health information – the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be restricted in an EHR and review the various ways patient records can be supplied electronically.
• If you are required to have a HIPAA Notice of Privacy Practices, you will need to update that to show all the new rights that patients will have, such as electronic copies, new rights to restrict disclosures, and much more.
• The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be changed and how. We will describe the evidence you must produce if you are audited by the HHS Office of Civil Rights.
• Not only are the compliance rules changed, but the enforcement rules have changed, with a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. And any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty.
• Whereas the former practice of USDHHS has been to audit compliance only in instances where a violation was reported, the law now requires USDHHS to conduct a regular HIPAA compliance audit program, and a new program will be getting under way in 2014.
• All HIPAA-covered providers need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the rules as well as the new changes in the rules. Compliance is required and violations for willful neglect of the rules begin at $10,000.
• With the far-reaching changes in the rules and the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.