UPDATED SERIES INFO: The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was significantly changed as part of the "American Recovery and Reinvestment Act of 2009". Medcom's three-part series "HIPAA for Healthcare Workers" has been updated to reflect these changes. The following table briefly describes the changes to HIPAA that resulted from the Recovery and Reinvestment Act, as explained in the series.
CHANGES TO HIPAA DESCRIBED IN "HIPAA FOR HEALTHCARE WORKERS" SERIES:
Change: Security Rules Apply Directly to Business Associates and Privacy Provisions Apply Directly to Business Associates DESCRIPTION: Business associates must comply directly with many of HIPAA's Security Rules.
Change: New Security Breach Notification Rules DESCRIPTION: A covered entity or business associate that has a specified security breach will be required to notify each individual affected by the security breach.
Change: Education on Health Information Privacy DESCRIPTION: HHS must designate an individual in each regional office to offer guidance and education on the rights and responsibilities related to federal privacy and security rules.
Change: Changes to Restriction Request Rules DESCRIPTION: Previously, HIPAA allowed an individual to request that certain PHI not be used by a covered entity or business associate, but the covered entity could decline all such requests. Now, a covered entity must comply with the restriction request within certain parameters.
Change: New Provisions Regarding Electronic Health Records DESCRIPTION: If a covered entity uses or maintains an electronic health record ("EHR"), an individual has the right to obtain copies in an "electronic format".
Change: Prohibition on Sale of EHR or PHI DESCRIPTION: A covered entity or business associate is prohibited from directly or indirectly being paid for any EHR or PHI (protected health information) unless it receives a HIPAA compliant authorization from the individual.
Change: New Restrictions on Marketing and Fundraising DESCRIPTION: Protected health information cannot be used to send marketing and fundraising materials to individuals.
Change: Breach Notification Requirement by Vendors and other Non-Covered Entities DESCRIPTION: The new rules also cover any "vendor of personal health records" and are enforced by the FTC.
Change: Increase in Civil Monetary Penalties DESCRIPTION: The civil monetary penalties are significantly increased.
Change: State Attorney General Private Right of Action for HIPAA Violations DESCRIPTION: The law creates a private cause-of-action for non-compliance, which could be brought by state attorneys general on behalf of affected patients.
Change: Audits DESCRIPTION: Under the stimulus bill, HHS must provide for periodic audits to ensure compliance.
Change: Individuals Can Receive Compensation for Breaches DESCRIPTION: Individuals affected by a HIPAA violation will be able to receive a percentage of any fine.
Other Programs in this Series
JUST UPDATED! 2014 Overview: The Health Insurance Portability and Accountability Act (HIPAA) of 1996 began a series of complex and wide-ranging changes to the practice of health care in America. Significant [...]
Released in 2014
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was the beginning step of a complex but important reform of the American healthcare system and has led to a number of practice changes [...]
Released in 2010
Overview: The need for attention to data security came about largely because of past abuses that occurred in many places in healthcare. While regulations associated with the Security Rule have been part [...]
Released in 2014