An important deadline is coming up. By 9/23/13, healthcare providers need to come into compliance with the final HIPAA rule. Because our iClickCare hybrid store and forward collaboration system was developed with HIPAA in mind, we want to share some time-saving experience with you. This week, we're covering 3 aspects of the deadline. Monday was overall background; Today we're talking about steps to get in compliance; Friday we're discussing HIPAA and telemedicine.
Why should you care and comply with HIPAA, HITECH and the Omnibus Reconciliation 2013 bill?
- You are a health care professional.
- It’s the law (read: you'll pay if you don't "care.")
The Office of Civil Rights of the Department of Health and Human Services summarized the 500+ pages of the Omnibus Rule as including the following final modifications:
- Make Business Associates of Covered Entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules' requirements.
- Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization.
- Expand individuals' rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
- Require modifications to, and redistribution of, a Covered Entity's notice of privacy practices.
- Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to information by family members or others.
- Increased and tiered civil money penalty structure provided by the HITECH Act.
- Replacement of the breach notification rule's "harm" threshold with a more objective standard. [Our note: Previously, a breach had to be reported only if there was a "risk of harm." The Omnibus Rule requires any breach to be reported.]
- Prohibition of most health plans using or disclosing genetic information for underwriting purposes.
In service of becoming compliant, a risk assessment of your practice is required. There are five safeguards that need to be assessed:
- Administrative
- Physical
- Technical
- Organizational
- Policy and Procedures and Documentation Requirements
Now what?
You can do this assessment yourself, but the findings of the assessment and the plan of action must be documented, and the assessments need to be ongoing. We've created a tool that reduces the 492 compliance questions to only 32, while still meeting the HIPAA standards. You will eventually need more work in this area, but this is a start. Of course, be aware that we are not lawyers, you shouldn't take action on information in this post alone, and we do not represent the government.
Click below for a quick-and-easy version of the assessment and come into HIPAA compliance.