• News New Blog Banner

  • September 23 HIPAA Deadline Approaches

    Practitioners have until September 23 to comply with provisions of the final rule that earlier this year extensively modified the privacy, security, and enforcement regulations established under the Health Insurance Portability and Accountability Act of 1996, or HIPAA.

    The final rule expanded many of the requirements to business associates of covered entities that receive protected health information, such as contractors and subcontractors. If a covered entity did not have a business associate agreement in place by January 25 this year that was compliant with the previous HIPAA regulations, it must enter into one by September 23. However, entities that did have HIPAA-compliant business agreements place as of January 25 may get a 1-year extension to revise their agreements, as long as they did not or do not renew those agreements between March 26 (the date the new rule took effect) and September 23. Any agreement that is renewed after September 23 must comply with the new rule, which also increases the penalties for noncompliance to a maximum of $1.5 million per violation.

    The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS.

    The new rule also expands individual rights under HIPAA, and by September 23 these rights must be added to the Notice of Privacy Practices (NPP) that providers give to new patients. For example, patients can ask for a copy of their electronic medical record in an electronic form, and they can instruct their provider to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full. The rule also sets new limits on how information is used and disclosed for marketing and fundraising purposes and prohibits the sale of individuals' health information without their permission.

    Association members can access the document on the Health Information Technology webpage under "APTA Summaries" and APTA's HIPAA webpage.


    • This concern/request about HIPAA is not related to the above notice, but I don't know who to present this HIPAA 'problem' to. The Problem: HIPAA prevents parents of for children older than 14 years, or adult 'dependents' who are <18 yrs. old but still on their parent's health insurance plan from getting healthcare related information on the 'dependent' unless the 'dependent' signs a release of information, yet the parents are responsible for the bills AND have to pay w/o knowing what procedures were done and why. (We went through this when our younger daughter was dealing with mental health issues. The provider wanted to be paid but couldn't 'talk' to us about the bills until our then 14 year-old daughter signed a release). I know when someone is older than 18, they are 'adult' but it makes the medical bills a nightmare when the payer does not have permission to 'see' the records. I believe that any person legally responsible to pay a medical bill for another person should also be automatically allowed FULL access to the medical records for the services they are paying for-including co-pays and deductible payments. The dependent person should understand that part of being 'dependent' is allowing the responsible party full access to information.

      Posted by Stephanie Olson on 9/1/2013 11:55 PM

    • print

      Posted by Constance on 11/26/2013 2:55 PM

    Leave a comment
    Name *
    Email *