Why Brokers Must Get Up to Speed on HIPPA Rules Now

HIPAALogoIf you are not protecting your clients’ health information according to HIPPA privacy rules, you could be in deep trouble. The Dept. of Health and Human Services (HHS) issued a rule to expand many HIPPA requirements to business associates that receive protected health information, such as contractors and subcontractors. Some of the largest breaches reported to HHS have involved business associates. HIPPA penalties for non-compliance are no laughing matter. Under this rule, they have been increased based on the level of negligence with a maximum penalty of $1.5 million per violation.

Another interesting provision is that, a patient who pays by cash can instruct their provider not to share information about their treatment with their health plan.

The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS.

“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates,” said HHS Office for Civil Rights Director Leon Rodriguez.

In addition, patients can ask for a copy of their electronic medical record in an electronic form. The final omnibus rule sets new limits on how information is used and disclosed for marketing and fundraising purposes and prohibits the sale of an individual’s health information without their permission.

The final rule also streamlines individuals’ ability to authorize the use of their health information for research purposes. The rule makes it easier for parents and others to give permission to share proof of a child’s immunization with a school and gives covered entities and business associates up to one year after the 180-day compliance date to modify contracts to comply with the rule.

The final omnibus rule is based on statutory changes under the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, and the Genetic Information Nondiscrimination Act of 2008 (GINA) which clarifies that genetic information is protected under the HIPAA Privacy Rule and prohibits most health plans from using or disclosing genetic information for underwriting purposes.

The Rulemaking is in the Federal Register at https://www.federalregister.gov/public-inspection.

Last Updated 8/2/2017

Arch Apple Financial Services | Individual & Family Health Plans, Affordable Care California, Group Medical Insurance, California Health Insurance Exchange Marketplace, Medicare Supplements, HMO & PPO Health Care Plans, Long Term Care & Disability Insurance, Life Insurance, Dental Insurance, Vision Insurance, Employee Benefits, Affordable Care Act Assistance, Health Benefits Exchange, Buy Health Insurance, Health Care Reform Plans, Insurance Agency, Westminster, Costa Mesa, Huntington Beach, Fountain Valley, Irvine, Santa Ana, Tustin, Aliso Viejo, Laguna Hills, Laguna Beach, Laguna Woods, Long Beach, Orange, Tustin Foothills, Seal Beach, Anaheim, Newport Beach, Yorba Linda, Placentia, Brea, La Habra, Orange County CA

12312 Pentagon Street - Garden Grove, CA 92841-3327 - Tel: 714.638.0853 - 800.731.2590
Email:
Jay@ArchApple.com
Copyright @ 2015 - Website Design and Search Engine Optimization by Blitz Mogul