HIPAA Rules Expanded to Associates

HIPAA Rules Expanded to Associates

The US Department of Health and Human Services (HHS) has announced updates to HIPAA, the Health Insurance Portability and Accountability Act, that bring patient privacy rights and safeguards up to the standards and requirements needed for the digital age.

Although several changes were implemented in the revision, the biggest change in the update is the expansion of requirements beyond health care providers, health plants and entities that work with health insurance claims to also include business associates such as contractors and subcontractors that perform services on behalf of health care providers. The amended HIPAA rules formalize many of the changes made in the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act).

A summary of changes to HIPAA include:

  • Requirements extended to business associates of health care providers
  • Increased penalties for non-compliance to a maximum of $1.5 million / violation
  • Clarification of when breaches must be reported to HHS
  • Patients can ask for a copy of the electronic medical record in electronic form
  • When individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan
  • New limits on how information is used and disclosed for marketing and fundraising purposes
  • Prohibition on the sale of health information without an individual’s permission
  • Streamlined ability to authorize the use of health information for research purposes
  • Easier process for parents and others to give permission to share proof of a child’s immunization with a school
  • Gives covered entities and business associates up to 1 year after the 180-day compliance date to modify contracts to comply with the rule
  • Integrates the Genetic Information Nondiscrimination Act (GINA) to prohibit health plans from using or disclosing genetic information for underwriting purposes

The final omnibus rule enhances patient privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law. The new rules take effect on March 26th, 2013 for health care providers and September 23, 2013 for business associates.

Arieanna Schweber
Arieanna Schweber has been a part of the Absolute writing team since 2007. Arieanna was Canada’s first female professional blogger and has been professionally blogging since 2006 and has spoken at leading blogging conferences including BlogHer and Northern Voice. Arieanna has a joint degree in Business and Communications from Simon Fraser University and continues to build communities for Vancouver-based clients.
Share this Post: Facebook Facebook Twitter Google Plus Reddit RSS Email

Related Posts

1 Comment