
New HIPAA Rules Go Into Effect On Monday – What You NEED To Know

The new HIPAA rules that will go into effect September 23rd, 2013 have changes that affect any company that deals with PHI. That means doctors, dentists, nurse practitioners, hospitals, nursing facilities, assisted living facilities, health care insurance companies, medical billing companies, and licensed coding contractors. All of these and others will need to take a careful look at how they are protecting PHI both physically and digitally in order to ensure they escape the hefty fines and penalties. Some of the notable changes are:

  • Patient Notifications of Breaches
  • Restriction of Disclosure to Insurance Companies
  • Marketing Restrictions
  • Broadened Definition of Responsible Persons
  • Clarification of Fine and Penalty Tiers

Although these have many ramifications for nearly everyone working in the health care industry, three stand out as more urgent:

  1. Patient Notifications of Breaches
  2. Broadened Definition of Responsible Persons
  3. Clarification of Fine and Penalty Tiers

First, patient notifications of breaches are a serious topic, especially in the wake of so many penalized breaches since 2009. The largest change to the rule is that all breaches are now considered mandatorily reportable unless the breach is determined not to have compromised PHI. This determination is made using four factors that assess the risk to the PHI.

Second, the broadened definition of responsible persons is an expanded view of who is a business associate. Rather than simply holding a patient’s caregiver and their employees responsible for protecting PHI, the new rules require anyone who is tasked with transmitting, storing, receiving, converting, copying, selling, using, or even viewing PHI to take the same measures to protect it.

Lastly, the fine and penalty tiers have been simplified and explained. The first tier comprises breaches that the physician or facility administration could not reasonably have known about. The second tier is made up of cases in which the doctor or facility admin knew of the breach, or would have known by exercising due diligence, but was not negligent. The last and most heavily penalized tier covers those cases and circumstances where willful neglect has been proven.

These are only a few things to be aware of with the new changes to the HIPAA law going into effect on September 23rd, 2013. You may want to look into hiring a HIPAA security expert to learn more and help ensure you are compliant.