Revised HIPAA Regulations

Tuesday, August 27, 2013
The new regulations for the Omnibus Health Insurance Portability and Accountability Act, or the HIPAA rule, became effective March 26, 2013, and healthcare providers and business associates have until September 23, 2013, to comply. The new HIPAA regulations are found in the January 25, 2013, issue of the Federal Register, and highlights are listed below.

Patients can now ask for copies of their electronic health record in electronic format. Also, for both paper and electronic record requests, healthcare providers (e.g., hospitals, clinics, and offices) have only 30 days to fulfill the request. Previously, there was a 30-day extension for records that were stored off site or not immediately retrievable. Another new regulation is that when patients pay for services personally and in full, they can now require that healthcare providers not share information about the services received with their health plans and insurers. The regulations are also now more restrictive on using, sharing, and selling personal information for marketing and fundraising.

Changes that healthcare providers will likely applaud include a more streamlined process to use personal health information for research purposes, and the mandate that insurance companies cannot use genetic information for coverage and cost determinations. However, this does not apply to long-term care insurance plans.

There is also a change in how to determine when a privacy breach has to be reported to the government. Until now, healthcare providers have followed the harm standard, which said a breach was reportable only if it posed a significant risk of harm to the patient’s finances or reputation. The regulations now state that any loss or inappropriate disclosure of data is presumed to be a breach unless the healthcare provider (or hospital, clinic, or business associate) can demonstrate that there is a low probability the information will be used improperly.

Business associates, such as billing and transcription service providers, are now required to comply with HIPAA, and must have safeguards and policies and procedures for keeping data secure. The penalties for noncompliance also have increased. Previously, the limit was $25,000 per violation; the penalty is now $50,000 with an annual limit of $1.5 million.

Lisa Schulmeister, MN, RN, ACNS-BC, FAAN
Lisa Schulmeister, MN, RN, ACNS-BC, FAAN is an oncology nursing consultant and editor-in-chief of Oncology Nursing News.
Lisa Schulmeister, MN, RN, ACNS-BC, FAAN, is the Editor-in-Chief for OncLive Nursing. She is an oncology nursing consultant and adjunct assistant professor of nursing at Louisiana State Health Sciences Center in New Orleans, LA. She provides continuing nursing education to nurses across the United States, is active in several professional nursing organizations, and is intrigued by the many ways nurses use technology to communicate.