With the new HIPAA guidelines that were put into action on September 23, 2013, it’s important to understand what changes have been made and how they will affect you and your company. One of the largest changes for HIPAA is the PHI Act. The Protected Health Information Act, or PHI Act, is the set of privacy and security acts associated with medical records. Since the HITECH Act was initiated in 2009, all medical records have been dealt with electronically, which has forced new changes to HIPAA.
PHI deals with security breaches and protected information being linked to unauthorized personnel. The new HIPAA rules have changed the guidelines for determining whether a breach could happen or is happening. This decreases the guesswork involved in assessing the risks associated with misuse of personal information. The new edition assumes that any tampering with Protected Health Information is a breach unless there is a low possibility of the information being compromised. The past HIPAA laws did not have strict rules for breached information, which resulted in more companies having security problems. Averages show that one in six companies experiences information being leaked.
In addition to security breaches being addressed, the definition of a business associate has also changed due to the new Omnibus Rules. The new elaboration makes vendors responsible for the Protected Health Information of patients even if they haven’t personally viewed it but their subcontractor has. These changes will eventually lead to more companies becoming business associates. Subcontractors as well as business associates are responsible for adhering to all rules regarding HIPAA, and violations made by either party will be the responsibility of the business associate.
Patents are now required for marketing purposes of Personal Health Information. All communication about PHI that is made for marketing a service or product, and that is being paid for, requires a patent. Modifications for patient authorization on PHI for research have been made as well. Family members of decedents are also given more rights to obtain the personal information of their dead loved ones. With the new HIPAA rules, patients and family members will have more rights to their information, allowing them to know where it is being used and what it is being used for.
Not updating your practices to comply with the HIPAA changes will result in numerous fines. One of the major changes to the act is that the cost of penalties has increased. The government is not taking it lightly if companies do not abide by the new guidelines. The minimum cost is close to $50,000 for each violation. Companies can incur thousands in unneeded expenses if they don’t update their procedures to comply with the new HIPAA standards.