HIPAA Final Rule Raises Fines for Non-Compliance
The HIPAA omnibus final rule released by the Department of Health & Human Services January 17 will cost hospitals some time and money in regulation analysis, training, and policy revision, but shouldn't break the bank, healthcare leaders and privacy and security experts say.
The HIPAA "mega rule," so-called by some in the industry, represents the largest set of modifications to the HIPAA privacy and security rules to date.
"The new law needs to be analyzed and will have some impact on current processes, although they appear after my high level review to be expected and minor in nature," says Chris D. Van Gorder, FACHE, president and CEO of Scripps Health in San Diego.
"There will be costs to Scripps to analyze the regs, revise policies, revise and distribute the Notice of Privacy Practice (NPP), and to revise our standard Business Associate agreement if legal determines that is necessary and get our BA's to sign the new version."
The final omnibus rule enhances a patient's privacy protections, provides individuals new rights to their health information, strengthens the government's ability to enforce the law, and requires updates to business associate contracts.
The rule, required by the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law in February of 2009, is enforceable beginning September 24. It holds accountable third-party subcontractors who use and disclose PHI to HIPAA rules and penalties.
- Medical Errors Third Leading Cause of Death, Senators Told
- 4 Tectonic Shifts Shaking Up Healthcare
- As States Regulate Provider Competition, Common Threads Emerge
- Chronic Disease Care Costs Get Bipartisan Attention
- CVS Ramps Up Retail Clinics with Provider Affiliations
- CareFirst Announces PCMH Program Results
- Mayo Tops U.S. News Best Hospitals Rankings
- Hospitals Seeking to Understand PPACA Impact Turn to Data
- Telemedicine Providers Welcome AMA Guidelines
- The case for concierge medicine