Sometimes it can be difficult to stay on task with meeting specific deadlines, but here's a date physicians definitely need to keep in mind: Sept. 23, 2013. That's the date physicians and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) must be in compliance with privacy and security changes announced in an HHS press release in January(www.hhs.gov).
The final HIPAA omnibus rule, which was published in the Jan. 25, 2013, Federal Register(www.gpo.gov), enhances patients' privacy rights and gives HHS' Office for Civil Rights expanded authority to pursue complaints against health plans and health care professionals or their business associates who don't conform to the law.
Some particular provisions of the law affect family physicians. For example, the final rule addresses physician use of patients' personal health information for marketing and fundraising purposes and strictly prohibits the sale of such information without patient permission.
The final rule also gives patients the right to ask for an electronic copy of their personal health records and to prohibit, in some instances, physicians from releasing their personal health information to a health insurance company.
Practices that haven't already done so need to pull out, review and update their existing "Notice of Privacy Practices" form. After it is updated, the form must be signed by new patients, but otherwise should be posted in the practice with hard copies available for patients who request them.
Check out the May/June 2013 issue of Family Practice Management for more details on the updated privacy and security rule.
Related ANN Coverage
HHS Rolls Out HIPAA Omnibus Rule
Final Rule Strengthens Privacy, Security for Consumer Health Data