The HIPAA Privacy Rule is a set of federal standards to protect the privacy of patients’ medical records and other health information maintained by covered entities. These standards provide patients with access to their medical records and with significant control over how their personal health information is used and disclosed. Listed below are the enforcement highlights as of June 30, 2012:
· New regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.
· Individuals can now request certain restrictions on disclosures that you must honor.
· There are new requirements for disclosers of health information to apply “minimum necessary” standards.
· EHR vendors must provide the new tools necessary for their users to meet HIPAA requirements.
· Business Associates have new requirements to comply with HIPAA privacy protections and security safeguards and are subject to enforcement and penalties directly by HHS.
· Sub-contractors of Business Associates, Health Information Exchanges, Regional Health Information Exchanges, and e-Prescribing gateways are now considered to be Business Associates.
· New limitations on marketing and fund-raising may change how entities can reach out to individuals.
· There are new requirements for how disclosures must be tracked in an EHR.
The new penalty structure and the new audit program mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance.