HIPAA Final Rule Raises Fines for Non-Compliance
The HIPAA omnibus final rule released by the Department of Health & Human Services January 17 will cost hospitals some time and money in regulation analysis, training, and policy revision, but shouldn't break the bank, healthcare leaders and privacy and security experts say.
The HIPAA "mega rule," so-called by some in the industry, represents the largest set of modifications to the HIPAA privacy and security rules to date.
"The new law needs to be analyzed and will have some impact on current processes, although they appear after my high level review to be expected and minor in nature," says Chris D. Van Gorder, FACHE, president and CEO of Scripps Health in San Diego.
"There will be costs to Scripps to analyze the regs, revise policies, revise and distribute the Notice of Privacy Practice (NPP), and to revise our standard Business Associate agreement if legal determines that is necessary and get our BA's to sign the new version."
The final omnibus rule enhances a patient's privacy protections, provides individuals new rights to their health information, strengthens the government's ability to enforce the law, and requires updates to business associate contracts.
The rule, required by the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law in February of 2009, is enforceable beginning September 24. It holds accountable third-party subcontractors who use and disclose PHI to HIPAA rules and penalties.
- CMS to Speak with ICD-10 Backers Tuesday
- Feds Stonewall ICD-10 Summit
- Managed Care Contract Negotiations Morph Under PPACA
- Hospital Groups Back NQF Report on Patient Sociodemographics
- Governor Details Healthcare Payment Reform Path in Arkansas
- Cyberattack Drill Exposes Healthcare's Vulnerabilities
- Boston Marathon Bombing Yields Lessons for Hospitals
- Physician Payment Data is Where the Action Is
- NY Abolishes Written Practice Agreement for NPs
- MetroHealth Revs Its Population Health Engine