HHS releases new HIPAA regulationsMarch 1, 2013
Most optometrists will need to take a few additional steps to protect patient information in their practices under the new Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules issued Jan. 17 by the U.S. Department of Health & Human Services’ (HHS) Office for Civil Rights (OCR), according to the AOA.
The AOA urges members to make plans now to update their HIPAA policies, procedures, and documents.
The association is developing new member resources to assist optometrists with this process.
“The new HIPAA privacy and security regulations will effectively require most optometric practices to review their privacy and security policies, update the Notices of Privacy Practices (NPPs) they provide to patients, and take a few additional measures to ensure the privacy, security, and accessibility of patient information in their practices,” said Jon Hymes, AOA Advocacy Group director.
The HIPAA Privacy and Security Rules take effect March 26; however, covered entities and their business associates generally will have until Sept. 23, 2013, to comply with most of the rules’ provisions.
The new, revised HIPAA regulations provide updates to the HHS’ initial set of privacy and security protection rules.
The role of technology in the optometric practice has changed since the HIPAA legislation was initially passed in 1996, and the HIPAA regulations needed to be updated to reflect those changes, Hymes said.
“The new rules put into place several provisions aimed at updating patient privacy safeguards while also recognizing how information needs to be made securely accessible today and into the future, including through electronic communications,” he said.
- Patients will now be allowed to request an electronic copy of their electronic health record.
- Patients will have the right to instruct their doctors to not share information about treatment with the patient’s insurance company when the patient pays cash for the services rendered.
- Additional information will be required on Notices of Privacy Practices including information regarding patients’ rights following breaches of protected health information and information regarding a patient’s rights when paying for services out of pocket.
In addition to making sure their practices are in compliance with the updated federal privacy and security rules, practitioners should make sure any business associates with access to protected health information, such as billing firms or claims clearinghouses, are aware of the new rules and are taking steps to adhere to them, the AOA Advocacy Group recommended.
Under the new revisions, the privacy and security rules will apply not only to health care practitioners and their business associates, but, for the first time, the subcontractors of those business associates.
The new privacy and security rules essentially offer health care practitioners an opportunity to review and update their patient information protection policies and procedures – a step they are actually required to take periodically under HIPAA.
“Throughout the development of these new regulations, the AOA has been engaged representing the interests of our members to ensure that patient privacy is respected and that optometrists do not face any unfair treatment or discrimination or any unnecessary compliance burdens,” Hymes said.
Like the original HIPAA security rule, the newly revised security regulation requires health care practitioners to conduct a “gap analysis” of the measures taken to protect electronic protected health information (ePHI) in their practices.
A list of answers to frequently asked questions regarding the new HIPAA regulations is posted at www.aoa.org/HIPAA.
AOA members with specific questions regarding the new HIPAA Privacy and Security Rules can contact Kara Webb in the AOA Washington office at KCWebb@aoa.org.
Members with questions about how to implement these changes in their practices should visit www.excelod.com/HIPAA.