HIPAA? I know about it, but I text anyway because it is good patient care.
Do you really want to say that?
Our advice: Don’t even think about it! And moreover, forget it and move on -- there is too much to worry about that you can change, and this, you can’t.
We are taught to understand as well as follow. Here is some understanding.
The Federal Register, on January 25, 2013, added another 563 pages (78 Fed Reg. 5566) to the voluminous hundreds of pages that constitute three acts over the past 17 years. These are HIPAA, HITECH and GINA, and an entire industry has been built on these rules. The 563 pages as a totality constitute the Omnibus Rule of 2013.
What does all of this mean to us providers? What does all of this mean to us who help providers? Since this post is conversing with patient care professionals, many of whom are mere HIPAA laymen, these answers are brief and focused.
Four main points for day-to-day care:
1. There is increased penalty and enforcement.
2. Business associates are responsible for all their subcontractors. Did a cleaning lady, employed by a cleaning service pick up a CD? Reasonable Cause -- an act or omission in which a CE or BA knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the CE or BA did not act with willful neglect.
3. Any disclosure of PHI will be presumed to be a breach, and HHS will, not may, investigate.
4. Individuals have enhanced rights to obtain electronic copies of their records. With this, is an enhanced right to restrict disclosure of PHI. Patients who pay solely for care by cash can restrict release to insurance companies and billers.
Some collateral damage to be aware of:
- Schools -- Immunizations can be shared.
- Research -- Special notes about current research releases, and how they may apply to future analysis of the same data with different research.
- Genetics -- Genetic information is protected and cannot be used against the patient.
- Marketing and Fundraising -- Defines how information is used. Can you ask for money from patients for a cause you know that they are near and dear to?
How much time is there to comply?
The final rule was announced on January 25, 2013. It is effective March 26, 2013 (including penalties), and compliance (such as notifications) must be completed by September 23, 2013.
Cost and Conclusion.
The cost of all of this...114 to 225.4 million dollars (government estimate, your experience may vary). In 2011, the CDC estimates 1 billion physician office visits. That works out to 23 cents per visit.
Finally, there is a lot to this and a lot to read. Download the "Omnibus Rule -- High Overview" to learn more and send you speedily on your way.
It is not totally depressing. But, as Jim Croce says,
"You don't tug on superman's cape
You dont' spit into the wind
You don't pull the mask of the ol' lone ranger
And you don't mess around with ..."
Find the compilation of References here:
2. Debbie Tokos, RHIT, CHPS, United Health Service, Johnson City, NY 13790