PVW Law Article: HIPAA Final Rule

We posted a new article on our website regarding the HIPAA Final Rule.

For more information, check out our videos on Business Associates and Business Associate Agreements, as well as HIPAA Compliance Audits:

Final HIPAA/HITECH Rule Released

HHS has recently released final rules modifying HIPAA under the HITECH Act. The rules make several changes for both providers and business associates. First, the regulations expand the definition of business associate. Thus, businesses need to figure out whether they are now subject to HIPAA. Business associates may face up to $1.5 million in fines per year if they do not comply with the new rules.

Providers will have to make several changes as well. The new rules give providers less flexibility to decide when to report a breach and restrict when PHI can be used for marketing. Providers must provide patients with records in electronic form on request. Also, they must revise their Notices of Privacy Practices. If providers do not comply, they will face harsher fines and new enforcement tools. Providers should start revising their business associate agreements, NPPs, and other policies to comply by September 23.

© 2013 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com

HIPAA Audit Protocols Released

This year, 115 audits will take place under a new pilot program designed to ensure compliance with HIPAA.  Any entity subject to HIPAA is subject to audit, and the program will likely expand substantially in 2013.  As a result, all healthcare professionals need to be concerned about HIPAA audits.

Beginning in 2013, DHS will include business associates in its audit procedures. This means that businesses engaged in service contracts with healthcare entities should evaluate their potential eligibility for audit.

DHS has recently released its HIPAA audit protocol (available here).  The audit protocol is highly comprehensive and addresses the full spectrum of HIPAA concerns. It includes modules to measure compliance with seven separate requirements under the Privacy Rule, as well as requirements for technical, physical, and administrative safeguards under the Security Rule.  The protocol also includes modules designed to measure compliance with the requirements of the Breach Notification Rule.  Healthcare organizations should regularly engage in “practice” audits to ensure that they comply with all of these requirements.  The release of these protocols will be a valuable tool in ensuring that practice audits are sufficiently rigorous and focused to provide meaningful results.

© 2012 Parsonage Vandenack Williams LLC


What to Do When You are Asked to Sign a HIPAA Business Associate Agreement

PVW Law has published an updated article regarding what to do when you are asked to sign a HIPAA Business Associate Agreement. The full text of the article can be viewed by accessing the following link: http://www.pvwlaw.com/CM/Articles/00161375.PDF.

© 2011 Parsonage Vandenack Williams LLC
