Posted by: RedaChouffani
With the increased activities around Health Information Exchange and over $547,703,438 awarded to different states. HHS recognized that more health information will be digitized and captured. The risks of data theft and breach become more eminent. In an effort to ensure privacy, the HHS decided to Strengthen Health Information Privacy by modifying some of the existing HIPAA rules available today.
On July the 14th, 2010 the Human and Health Services HHS will release the official version of proposed rule making modifications to the 1996 HIPAA privacy rules. The current proposed changes which have been published Click Here
In a news release from July 8th, 2010, HHS announced the following:Here
“The proposed rule announced today would strengthen and expand enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules by:
* expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans.
* requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
* setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
* prohibiting the sale of protected health information without patient authorization.
Many of the new regulatory and compliance changes are driving practices to reevaluate their security protocol, policies and procedures. These organizations are updating their business agreements and ensuring all the business associates have signed the new contracts. Some are also performing HIPAA technical audits and reviewing internal policies and procedures for access to medical records.
The updated document also contains information that will affect health organizations and patient’s right to access their electronic health records. In the proposed modified ruling the following section outlines See The HIPAA Privacy Rule’s Right of Access and Health Information Technology (providing guidance with respect to how § 164.524 applies in an electronic environment and how health information technology can facilitate providing individuals with this important privacy right), available at: Here for additional details.
While these changes are intended to ensure the privacy, and protection of all health records. It is critical for health organizations to be familiar with the ruling regardless of the size. In some organizations the operational budget does allow for a dedicated HIPAA compliance officer, however, in the case of a small medical practice, the administrator would take on that responsibility. In this case, they should most likely request some outside assistance to review their compliance standing. Keeping in mind that in the case of an unfortunate incident or HIPAA violation, organizations will face penalties (financial and criminal). Unfortunately there has been many cases of HIPAA violations. They are currently being posted in the wall of Shame site as part of the HHS. The site can be viewed here: click here