On January 17, 2013 the U.S. Department of Health and Human Services (HHS) announced the release of the HIPAA final omnibus rule, which was years in the making. It modifies the HIPAA privacy, security and enforcement rules and breach notification. The regulation is effective March 26, 2013 with a compliance date of September 23, 2013, for both covered entities and business associates.
Features of the regulation:
- Expands an individual’s right to receive electronic copies of his or her PHI
- Restricts disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
- Requires covered entities to modify certain elements of their notice of privacy practices and redistribute those revised forms.
- Holds business associates liable for certain HIPAA requirements.
- Clarifies requirements for when a breach must be reported to authorities.
- Adopts increased and tiered civil monetary penalties of up to $1.5 million per violation
- Strengthens the limitations on the use and disclosure of protected health information for marketing and fundraising purposes
- Prohibits the sale of protected health information without individual authorization.
- Prohibits most health plans from using or disclosing genetic information for underwriting purposes, as required by the Genetic Information Nondiscrimination Act.
Stay tuned-the HCA is working on an educational program for our members on these HIPAA changes.
Return to www.thinkhomecare.org