The goal of the new rule was to provide better protections for patient information.
For health providers and IT companies, it’s all about compliance. Non-compliance can bring stiff penalties from the Office of Civil Rights and the Department of Health and Human Services.
Have you ensured your office is aligned with the new requirements? Here are five things to check:
- Business Associate Accountability. The new rule expands how “business associates” are defined. In a nutshell, any company that sends or regularly accesses patient data is a business associate. This opens up a huge arena of liability. Each associate is responsible for protecting the data they are entrusted with, and the “source” of the data breach is the entity that will be held accountable. Business associates might include health IT companies, personal health record vendors, e-prescribing gateways or anyone that transmits or gathers your patient data. Be sure you are protected by having a valid business associate agreement with all your subcontractors that clearly outlines their responsibility.
- Patient Access. The rule stipulates that patients must have access to their medical records in the electronic format they prefer, even if the patient’s requested format creates a security risk. Hospitals and providers are only obligated to let the patient know about the increased risk.
- Marketing Partners. Providers must obtain permission from each patient before partnering with a third-party service for marketing purposes. This would include third parties that wish to sell to the patient or simply collect payment. If the third party needs access to patient data, the patient must give permission first. Marketing agreements that were already in place before the Omnibus rule have until September 23, 2014 to obtain permission.
- Protected Data for the Deceased. Providers can release health care data regarding a deceased person to family members, close friends or others that the patient indicated was involved in their care or payment for care.
- The Role of HIPAA Compliance. There are many aspects to the Omnibus rule. The most effective way to measure compliance is to be HIPAA compliant and to perform a regular risk analysis. If a data breach were to occur, the Office of Civil Rights will want to see evidence that the company performed a risk analysis.
Health care is going through tremendous reform. Legislative requirements are continuing to evolve. As a result, it’s imperative for health care organizations to have a partner they can trust. To find out how you can simply and cost-effectively Achieve, Illustrate and Maintain HIPAA, HITECH and Omnibus compliance, contact iMAX Medical Billing today at 866.624.7001.