New and Enhanced HIPAA Regulations & Penalties Announced
On March 26, 2013, even stronger regulations were released for HIPAA in the form of the Omnibus Rule.
So just what does the Omnibus Rule change? In a nutshell: Responsibility and accountability for vendors and Business Associates who oversee Electronic Protected Health Information (ePHI). Impacted vendors have six months from that date to become compliant with the new standards.
Business associates are now required to comply with HIPAA just as our clients’ offices are. Here at SolutionStart, we must have safeguards, policies, and procedures for keeping not only your data secure, but ours as well. Just like you, we have to have business associate agreements (BAAs) with our own subcontractors. And we can get hit with penalties, just like you.
Speaking of penalties, they’ve gone up. Way up.
Under the previous rule, the limit was $25,000 per violation; now it’s $50,000, with an annual limit of $1.5 million.
There are a few other changes worth noting:
- Patients can now ask for copies of their electronic medical information in electronic format. With both paper and electronic record requests, the office has only 30 days to produce the information.
- When patients pay for services personally and in full, they can require that the office not share information about the treatment with their health plans.
- The office can give immunization information to a school if the school is required by law to have it and if the parent or guardian gives written permission.
These and all other new HIPAA regulations are found in the January 25 issue of the Federal Register (http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf) and the press release: http://www.hhs.gov/news/press/2013pres/01/20130117b.html.
It takes time, effort, and knowledge to maximize HIPAA compliance, and SolutionStart is here to help. Please don’t hesitate to contact us if you have any questions or concerns.