Updated HIPAA rules now in effect

The compliance date for the new, updated Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is Sept. 23. 

Failure to provide the required HIPAA notices or meet standards may result in investigations and possible civil or criminal penalties.

The federal privacy protection rule applies to health care providers, health plans, other covered entities and their business associates. Revisions, announced in March, require covered entities and their business associates to take the following steps:

  • Conduct a security risk assessment;
  • Revise their existing privacy, security and breach notification policies and procedures;
  • Make copies of those revised privacy policies available to patients;
  • Amend business associate agreements to reflect the new regulations; and
  • Retrain practice staff on the revised policies.

For the first time, the HIPAA privacy and security rules will apply not only to health care practitioners and their business associates but to any subcontractors who provide services to those business associates.

The AOA is providing resources to help you with every step.  

What the new rule covers

The new rule prohibits the sale of federally protected patient health information (PHI). It also prohibits the use of that information for marketing purposes without authorization from the patient. In addition, a patient may now ask a practice not to disclose PHI related to a particular service to a health plan if the patient has paid for that service out of pocket.

Federal law requires practitioners to provide all patients with notices of the measures taken to protect patient information. This is not optional: Failure to provide the required HIPAA notices or meet standards may result in investigations and possible civil or criminal penalties. 

HIPAA resources

On the new HIPAA Compliance section of the AOA website (member login required to view):

On the AOAExcel™ HIPAA page (member login required to view):

  • AOA White Paper: Updated HIPAA Regulations-What Optometrists Need to Know, with questions and answers about the privacy regulations  

In addition, the U.S. Department of Health & Human Services (HHS) offers resources for HIPAA-covered entities and their business associates.

August 5, 2013
