On January 17th, HHS Office for Civil Rights Director Leon Rodriguez issued a press release announcing the new HIPAA rules being published by the HHS Office of Civil Rights. The 563 page document strengthen the requirements placed on providers and institutions to protect the privacy and health care information of the patient. According to Rodriguez “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”
Some of the items in the new rule:
- Increase the protection and control of health information.
- Especially effects health information associates, contractors and subcontractors who help healthcare workers gather and store information. Some of the largest breaches have been by associates.
- Maximum penalty for violation has been increased to 1.5 million per violation
- New rules also strengthen the requirement to report breaches to HHS and to notify the patient.
- New rules make it easier for a patient to share their information for research purposes
- Patients can ask for a copy of medical records in an electronic form
- New rules regarding how information can be used for marketing and fundraising
The new rules add new regulations and stiff penalties related to gathering and storing protected information. The actual implementation and enforcement of new rules will become apparent over the upcoming months but as anesthesia providers, we can expect questions about our health information security during future CMS visits.
For those with insomnia, click here to review the entire 563 page document