The finalized rules for the Health Information Patient Privacy Act will go into effect March 26, bringing with them stricter regulations for breaches of protected health insurance and new requirements for "business associates" of health providers.
"Changes to the rules will principally apply to healthcare providers, but will also impact employer group health plans," according to an advisory from Lockton Cos.
"The final HIPAA rule," said Patrick J. Haraden, principal, Longfellow Benefits in Boston in an email, "provides for more consumer protections and stronger enforcement, but will require covered entities to make significant changes and they have a small window for compliance."
"Employers will need to provide updated employee training, notices to members, and business associate agreements reflecting the final rule," he said.
The U.S. Department of Health and Human Services has tightened the definition of "unsecured" protected health information (PHI), according to Lockton. The final rule presumes that any access or disclosure is a breach unless the health plan or business associate can demonstrate that there is a "low probability" that the protected information was compromised.
The rules exclude unintentional or inadvertent disclosures to staff or to "people authorized to access PHI where the information is not retained, used or further disclosed in violation of the HIPAA rules," according to Lockton.
As for the business associates, the new rules require contractors and subcontractors (even if they do not have a direct relationship to the health plan) to develop formal policies and procedures to demonstrate compliance, as well as designate their own privacy and security officials.
The new rules, as well as several proposed and final regulations regarding various elements of the Affordable Care Act going into effect, "will create compliance challenges for employers," Haraden said, noting that 2013 "is turning into the year of compliance and enforcement for employers."
--By Anne Freedman
March 1, 2013
Copyright 2013© LRP Publications