
Revised HIPAA Regulations

By Lisa Schulmeister, RN, MN, APRN-BC, OCN, FAAN
PUBLISHED THURSDAY, JANUARY 1, 1970
The new regulations for the Omnibus Health Insurance Portability and Accountability Act, or the HIPAA rule, became effective March 26, 2013, and healthcare providers and business associates have until September 23, 2013, to comply. The new HIPAA regulations are found in the January 25, 2013 issue of the Federal Register, and highlights are listed below.

Patients can now ask for copies of their electronic health record in electronic format. Also, with both paper and electronic record requests, healthcare providers (e.g., hospitals, clinics, and offices) have only 30 days to fulfill the request. Previously, there was a 30-day extension for records that were stored off site or not immediately retrievable. Another new regulation is that when patients pay for services personally and in full, they can now require that healthcare providers not share information about the services received with their health plans and insurers. The regulations are also now more restrictive about using, sharing, and selling personal information for marketing and fundraising.

Changes that healthcare providers will likely applaud include a more streamlined process to use personal health information for research purposes, and the mandate that insurance companies cannot use genetic information for coverage and cost determinations. However, this does not apply to long-term care insurance plans.

There is also a change in how to determine when a privacy breach has to be reported to the government. Until now, healthcare providers have followed the harm standard, which said a breach was reportable only if it posed a significant risk of harm to the patient’s finances or reputation. The regulations now state that any loss or inappropriate disclosure of data is presumed to be a breach unless the healthcare provider (or hospital, clinic, or business associate) can demonstrate that there is a low probability the information will be used improperly.

Business associates, such as billing and transcription service providers, are now required to comply with HIPAA, and must have safeguards and policies and procedures for keeping data secure. The penalties for noncompliance also have increased. Previously, the limit was $25,000 per violation; the penalty is now $50,000 with an annual limit of $1.5 million.

Copyright OncNursing 2006-2017
Intellisphere, LLC. All Rights Reserved.