Written by Sigrid U. Zaehringer
As published in the Califf & Harper, P.C. May 2013 Newsletter
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) was established to provide federal protections for personal health information (“PHI”) and to vest individuals with rights concerning the use and disclosure of such information. HIPAA also sets forth a series of logistical safeguards covering the use and transmission of electronic health information. The types of businesses which are subject to HIPAA’s privacy rules are health plans, health care clearinghouses, and health care providers who conduct certain financial and administrative transactions electronically.
On January 17, 2013, the Department of Health and Human Services issued a final rule, referred to as the Omnibus Rule, which affects multiple aspects of HIPAA. The Omnibus Rule became effective on March 26, 2013, and covered entities and business associates must comply with its requirements by September 23, 2013. The Department of Health and Human Services has referred to the Omnibus Rule as the “most sweeping changes” to the HIPAA regulations since they were first implemented.
Some of these major changes are as follows:
The Omnibus Rule enacted a variety of additional modifications as well which touch upon disclosures made to schools, utilization of genetic data, and the use of information concerning deceased individuals.
As entities subject to HIPAA know, the law already presents an incredible array of logistical, technological, and educational challenges due to its scope and complexity. Given the material changes enacted by the Omnibus Rule, it is an appropriate time for covered entities to undergo a comprehensive review of their written HIPAA policies, their practices for ensuring the safekeeping and proper transmission and use of such materials, and their procedures for the enforcement of internal rules and prohibitions. Now is also the time for companies who are business associates of covered entities to review their business associate contracts and all aspects of their relationships with covered entities.
Of course, each company’s circumstances are unique and there are additional exceptions and requirements under federal and state law. If you are questioning the applicability of HIPAA and the Omnibus Rule to your business, or are planning to update your existing policies and procedures relating to HIPAA, we recommend you consult your legal counsel to discuss your individual circumstances.
For more information on this topic please contact Califf & Harper, P.C. by calling 309-764-8300 or 1-888-764-4999. This article is intended to provide general information regarding the topic discussed herein but is not intended to constitute individual legal advice.