HIPPA's "Mega Rule" Enforcement Begins

By Elena Gordon | NewsWorks.org
|  Monday, Sep 23, 2013  |  Updated 9:42 AM EDT
View Comments (
)
|
Email
|
Print
HIPPA's "Mega Rule" Enforcement Begins

ShutterStock

The updates expand patient rights.

advertisement

Washington's enforcement of major changes to patient privacy rules starts this week, but many area doctors may not be ready.

The new HIPAA "mega rule," as it's sometimes called, took effect in March and modifies health-care privacy and security requirements.

Fast forward 6 months, when enforcement kicks in.

Related Stories

"I've had experiences of meeting with physician practices and managers, and they're so caught up in the day-to-day, they'll say, 'What is this rule, what is it?'" said Julie Sheppard, a compliance consultant in Wilmington, Delaware. "Unfortunately, I think physicians right now are faced with so many different regulations, and they're so busy otherwise doing what we all want them to do."

The updates expand patient rights, Sheppard said. For example, patients can request electronic copies of their medical records if doctors have them in that form. Patients can also request that doctors never report procedures to a health plan, so long as they pay cash.

Sheppard said physician offices will have to update their notices of privacy practices, posting them online and in their offices. And it means those privacy forms patients get at the doctor's office will probably be longer, too.

Doctors must also beef up their security plans in the case of a breach, according to Angie Haas, a compliance officer based in Harrisburg.

"One of the big things that's probably going to be asked for if an auditor comes in, is they want to see your security-risk analysis," said Haas. "And basically, that is just looking at where you have protected health information in electronic form and how you're transmitting it from place to place and making sure you have proper security in place."

Haas said smaller practices, which don't necessarily have staff specifically focused on complying with rules and updates, may not have been paying as much attention to the changes.

"What they really need to do is update any policies and procedures if they have them," she said.

But it's not just doctors. Unlike before, the Health Insurance Portability and Accountability Act rules also now apply to "business associates" or subcontractors, such as billing companies and consultants.

Haas said penalties can range from $100 to $50,000 per violation.


This story was reported through a news coverage partnership between NBC10.com and NewsWorks.org

Get the latest headlines sent to your inbox!
View Comments (
)
|
Email
|
Print
Leave Comments
What's New
FlyeredUp: Win 2 Tickets to Flyers Playoff Game
Win two tickets to the first 2014... Read more
Follow Us
Sign up to receive news and updates that matter to you.
Send Us Your Story Tips
Check Out