1 / 4

Key Changes to HIPAA Regulations and Privacy Practices Effective February 2010

This document outlines crucial changes to HIPAA and HITECH regulations concerning patient privacy and security, effective February 2010. Key updates include procedures for opt-out information for fundraising, new restrictions on paid communications, constraints on the sale of protected health information (PHI), and the minimum necessary use of PHI. Individuals can expect enhanced rights regarding access to their electronic health records (EHR) and the ability to request restrictions on disclosures. Covered entities and business associates must comply with these regulations, ensuring patient privacy is prioritized.

ailis
Télécharger la présentation

Key Changes to HIPAA Regulations and Privacy Practices Effective February 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HITECH/HIPAA Changes Privacy-Security Champ Meeting February 10, 2010

  2. Fundraising: Clear opt-out information Effective 2/2010 • Marketing:Additional restrictions on communication where entity is paid for communication. Effective 2/2010 • Sale of PHI: No direct or indirect remuneration in exchange for PHI, unless the individual signed an authorization; certain exceptions. Regs pending; enforcement 6 mos. Later. • Minimum Necessary: Covered entity must limit PHI to limited data set, or, if necessary, to minimum necessary. Effective 2/2010

  3. Accounting for TPO Disclosures: If covered entity maintains an electronic health record (EHR), an accounting disclosures for TPO for the three years prior to the request. Effective Date: Depends on CE’s adoption of HER (anticipated, 2014) • Right to Electronic Access: If covered entity uses an EHR, individual has a right to a copy of his PHI in electronic format. Effective 2/2010 • Right to Restriction: Covered entity must comply with individual’s request for restriction if disclosure: (1) is to health plan for payment or health care operations and (2) pertains to item/service that patient paid for “out-of-pocket.” Effective 2/2010

  4. Business Associates: Liable for compliance with Security Rule and uses and disclosures under Privacy Rule; HIEs, certain PHR and others transmitting data are business associates. Effective 2/2010 • Notice of Privacy Practices: New Privacy Notice. EVERY patient must receive a copy of the new one; as if they were new patient. Effective 2/17/2010 • Acknowledgement Forms: Form is the SAME! New procedure: Do NOT send them to Privacy Office anymore! Attach them to face sheet and send to Health Information for scanning into patient record. Effective 2/17/2010.

More Related