The Health Insurance Portability and Accountability Act of 1996 (HIPAA) enacted various privacy and security protections related to patient health information. The majority of health care providers, including optometrists, are required to comply with HIPAA. Since HIPAA became law, there have been a number of regulations issued that govern how health care providers must protect the privacy of the patients they treat. Included below are resources and information to assist optometrists in complying with HIPAA.
The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules are federal law. The Privacy Rule gives individuals rights over their health information and sets rules and limits on who can look at and receive health information. The Security Rule delineates safeguards to protect health information in electronic form and helps to ensure that electronic protected health information is secure.
Individuals, organizations, and agencies that meet the definition of a "covered entity" must comply with HIPAA. An optometrist is considered a "covered entity" if he/she transmits any information in an electronic form in connection with a transaction for which the Department of Health and Human Services (HHS) has adopted a standard. For example, submitting an electronic claim to Medicare or another payer is such a transaction. HHS has a tool for determining if you are a covered entity available here.
Updated HIPAA regulations were issued in January 2013. Changes made by the new regulations account for various changes in health care practices, including the increased use of electronic health records. The majority of the provisions in the updated HIPAA regulations have a compliance deadline of September 23, 2013.
Combined Text of all HIPAA Rules (Updated March 2013)
HIPAA Omnibus Final Rule (Issued January 2013)
HIPAA Breach Notification Rule (Issued August 2009)
HIPAA Security Rule Summary (Compliance was required as of April 20, 2005)
HIPAA Privacy Rule Summary (Compliance was required as of April 14, 2003)
Templates and Forms
Notice of Privacy Practices (Updated June 2013)
HHS Sample Business Associate Agreement
File a HIPAA Complaint
Security Risk Assessment Tool
AOA Frequently Asked HIPAA Questions
Updated HIPAA Regulations-What Optometrists Need to Know Now (March 2013)
HHS Offers HIPAA Webinars for Small Health Practices (Summer 2013)
HHS Office for Civil Rights Health Information Privacy
HHS HIPAA Frequently Asked Questions
HHS Guidance on Significant Aspects of the Privacy Rule
HHS HIPAA Training Materials
HHS Fast Facts for Covered Entities
Overview of HIPAA Transactions and Code Sets Regulation
Sign up for the HHS Office of Civil Rights Privacy and Security Listserv
Additional HIPAA compliance resources are available at: http://www.aoa.org/optometrists/tools-and-resources/hipaa-compliance
Questions regarding HIPAA regulations not addressed in the above resources can be directed to the American Optometric Association (800-365-2219) or firstname.lastname@example.org.