Changes to HIPAA enforcement offer more protection for patient info

A recent update to HIPAA regulates the distribution of health information and cautions providers to stay current on business associate agreements.

September 23 marked the launch date of modifications to the HIPAA enforcement, privacy, security and breach notification rules under the HITECH Act and Genetic Information Nondiscrimination Act (GINA). The document, published January 25, outlines alterations made to HIPAA, designed to strengthen the privacy and security of patients' health records.

Some of the changes outlined in the published rule are as follows:

  • Business associates of covered entities are directly liable for compliance with some of the HIPAA privacy and security rule requirements. This means that many health organizations must ensure their vendors and all business associates have signed the latest business associate agreements.
  • Organizations must set up limitations regarding how protected health information is used and disclosed for marketing and other purposes. This would also restrict the sale of health information without actual patient consent and authorization. This may also mean that all organizations using individual information for fundraising purposes might be required to notify the patients and receive their approval prior to releasing their contact information and health details.
  • Health plan providers' access to a patient's treatment record for care that was paid for in full by the patient is restricted.
  • The increased civil money penalty structure provided by the HITECH Act is now in effect.
  • The final rule on breach notification for unsecured protected health information under the HITECH Act is now active. This replaces the breach notification interim final rule, published Aug. 24, 2009.
  • Health plans are blocked from using genetic information for underwriting purposes, as required by GINA.

Though there were some additional minor adjustments made as part of this ruling, the focus was clearly placed on patient protection. These modifications require technology providers -- whether they're working with healthcare providers, payers, practices or other business associates -- to ensure they have adequate safeguards in place to protect private health information.

Reda Chouffani is vice president of development with Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email editor@searchhealthit.com or contact @SearchHealthIT on Twitter.
