HIPAA Final Rule Raises Fines for Non-Compliance
The HIPAA omnibus final rule released by the Department of Health & Human Services January 17 will cost hospitals some time and money in regulation analysis, training, and policy revision, but shouldn't break the bank, healthcare leaders and privacy and security experts say.
The HIPAA "mega rule," so-called by some in the industry, represents the largest set of modifications to the HIPAA privacy and security rules to date.
"The new law needs to be analyzed and will have some impact on current processes, although they appear after my high level review to be expected and minor in nature," says Chris D. Van Gorder, FACHE, president and CEO of Scripps Health in San Diego.
"There will be costs to Scripps to analyze the regs, revise policies, revise and distribute the Notice of Privacy Practice (NPP), and to revise our standard Business Associate agreement if legal determines that is necessary and get our BA's to sign the new version."
The final omnibus rule enhances a patient's privacy protections, provides individuals new rights to their health information, strengthens the government's ability to enforce the law, and requires updates to business associate contracts.
The rule, required by the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law in February of 2009, is enforceable beginning September 24. It holds accountable third-party subcontractors who use and disclose PHI to HIPAA rules and penalties.
- How Top-Ranked MA Plans Earn Their Stars
- Readmissions: No Quick Fix to Costly Hospital Challenge
- How Hospitals Can Become 'Upstreamists'
- 4 Ways to Lower the Cost to Collect from Self-Pay Patients
- WellPoint Dominates Nearly Half of Markets, AMA Says
- CMS Offers Some ACOs $114M for 'Upfront' Costs
- 4 Tips for Managing Employed Physicians
- House Calls Key to Pioneer ACO Success
- Ebola: Second TX Nurse Diagnosed After Improper Protective Gear Application
- Providers Ask HHS to Address EHR Interoperability Barriers