Deadlines: Regulations on HIPAA Compliance for Physicians

Published by: Melissa Clark, CCS-P on January 28, 2014

The deadline of September 23, 2013 has come and gone on the calendar. It was on this day the federal government enacted changes to the Health Insurance Portability and Accountability Act, better known as HIPAA.

Medical physicians must be compliant with the privacy and security requirements. The changes cover things like how to properly secure a patient’s health information and what you must tell a patient about their privacy rights.

Medical physicians have 6 months to comply, and for many it is difficult to stay on task so that the deadline is met.

Compliance with the act includes the following updates to the regulations.

  • Physicians must conduct a risk analysis designed to establish the vulnerability of electronic protected health information (PHI) against theft or loss.
  • Physicians must document that they have carried out the procedure above.
  • Physicians must encrypt all patient PHI so that in the event it is lost or stolen it cannot be used.
  • Medical offices must review their current policies and procedures and determine what they would do if PHI is stolen, lost or inappropriately disclosed.
  • Medical offices must review their current contracts with vendors and other business associates that have access to PHI to make sure those vendors also have adequate safeguards to secure a patient’s PHI.
  • Patients will now be allowed to prohibit the disclosure of their information relating to a test or treatment that the patient has paid for himself or herself. This requires new practices to be put into place to identify and separate the information a patient does not want disclosed so that it cannot accidentally be sent to an insurance provider.
  • It permits patients to ask for their health information in electronic form, and it requires practices to comply within 30 days. A single 30-day extension is allowed.
  • It requires medical office practices to update their privacy practice notifications to ensure all of the rights of the patients are included, to send the updated notice to all patients, and to post it in the medical office and on the website as well.
  • It requires medical physicians to notify their patients about their privacy rights and how that information can be used.
  • Train the employees of the medical office so that they are aware and understand the privacy procedures.
  • Designate an individual to be responsible for seeing that the privacy procedures are adopted and followed.
  • Secure the patient records that contain any individually identifiable health information so that they are no longer readily available to anyone who does not need them.

The Impact of HIPAA’s Privacy Rule?

The protection of patient privacy is not new. Medical physicians and other health care providers have a long tradition of keeping private health information private. However, in today’s world, where digital information is transmitted electronically and held in a broad range of locations, there is a need for new and tighter privacy rules.

The Privacy Rule has done just that. It offers clear standards for the protection of PHI. The Rule requires certain activities to ensure the patient’s confidentiality.

The penalty can be high for unauthorized disclosure of PHI. These fines start at $100 and go to $50,000 depending on the circumstances, including the amount of disclosure that has occurred and the size of the medical practice.

If you are like most medical practices, you already have in place some type of system to protect patient information and confidentiality. Adding this new layer of HIPAA compliance will allow your patients to feel more secure as there will be improved protection of their personal information.
