Employers should begin preparing to implement the new Health Insurance Portability and Accountability Act (HIPAA) regulations, which went into effect September 1, 2013.
Steps to take in order to comply:
- Amend (or, if necessary, adopt) written breach notification procedures.
- Update and redistribute the Notice of Privacy Practices regarding new or revised individual rights and changes in policies and procedures.
- Train workers with access to PHI on all applicable changes.
- Prepare or revise documentation for new or revised individual privacy rights:
  - To implement new access rights to an electronic copy of “personal health information” (PHI);
  - For authorization to use or disclose PHI for marketing purposes;
  - For restrictions of disclosures of health services paid for “out of pocket”;
  - For requests to transmit PHI to third persons; and
  - For disclosures of PHI to family members of a deceased patient.
Health and Human Services (HHS) monitors and levies HIPAA penalties, which were also increased and can now be as high as $50,000 per violation, capped at $1.5 million per year for identical violations. Therefore, get serious about HIPAA compliance and save your company from unnecessary fines!
Reference: Magee, E. (7/31/2013). Employers must comply with new HIPAA privacy and security regulations. Tennessee Employment Lawletter.