|
|||
|
|
|
HIPAA Rules Go Into Effect
Privacy rules expand to "business associates."
The finalized rules for the Health Information Patient Privacy Act will go into effect March 26, bringing with them stricter regulations for breaches of protected health insurance and new requirements for "business associates" of health providers. "Changes to the rules will principally apply to healthcare providers, but will also impact employer group health plans," according to an advisory from Lockton Cos.
"Employers will need to provide updated employee training, notices to members, and business associate agreements reflecting the final rule," he said. The U.S. Department of Health and Human Services has tightened the definition of "unsecured" protected health information (PHI), according to Lockton. The final rule presumes that any access or disclosure is a breach unless the health plan or business associate can demonstrate that there is a "low probability" that the protected information was compromised. The rules exclude unintentional or inadvertent disclosures to staff or to "people authorized to access PHI where the information is not retained, used or further disclosed in violation of the HIPAA rules," according to Lockton. As for the business associates, the new rules require contractors and subcontractors (even if they do not have a direct relationship to the health plan) to develop formal policies and procedures to demonstrate compliance, as well as designate their own privacy and security officials. The new rules, as well as several proposed and final regulations regarding various elements of the Affordable Care Act going into effect, "will create compliance challenges for employers," Haraden said, noting that 2013 "is turning into the year of compliance and enforcement for employers." --By Anne Freedman March 1, 2013 Copyright 2013© LRP Publications |
|
|
|
Entire contents copyright © 2013 Risk and Insurance® All rights reserved.
May not be reproduced in any form without written permission.
|