HIPAA Security Breach Regulations on the Way for September 2009
As many physicians know, the provisions of the Health Insurance Portability and Accountability Act (HIPAA) have been playing a role in their practices for a number of years.
HIPAA itself was a law that set standards for electronic transmission of claims data, the privacy of protected health information (PHI), and the steps necessary to develop and implement a security system to protect this PHI.
Effective September 23, 2009, new regulations issued by the U.S. Department of Health and Human Services (HHS) will require covered entities to notify affected individuals and HHS following the discovery of a breach of this protected patient information.
Under these new regulations, covered entities must analyze every privacy and/or security incident to determine whether a notification requirement exists and then satisfy detailed notice requirements.
Physician practices must familiarize themselves with the following concepts and develop ways to address any such incidents.
· Understand what a "Breach” is
· Understand the role of practice staff and Business Associates in these new regulations
· Define and understand what is “unsecured patient information"
· Recognize and determine whether security/privacy has been "compromised"
· Know when and to whom a notification of a security breach needs to be made
· Understand what covered entities and business associates need to do to proactively address these new regulations.
Detailed information on all of the above has been provided by the Department of Health & Human Services and the Office of Civil Rights (which now handles all HIPAA security issues) and is available for review at the web site below under the Final Regulation link.
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/breachnotificationifr.html
In addition, many law firms that specialize in working with physician practices can assist you in developing a formal compliance program to meet the requirements of these regulations.
Or, for guidance on this issue, contact us through the Third Party Insurance Help Program.