Recent Changes in HIPAA Policy The much anticipated Omnibus Rule that modifies the former regulations surrounding the Health Insurance Portability and Accountability Act of 1996 (or HIPAA as it is commonly known) is now in full swing and completely enacted by federal law. The Omnibus Rule, that was signed in January and implemented in March, has now survived its six month compliance period and is completely incorporated, or should be, by all entities and business that are covered by HIPAA policies as of September 23 of this year.
Ignorance With the changes to the HIPAA law, as with when any law changes, there can be many people who do not fully understand the new law or who do not understand how it can affect them. This valid ignorance of the new regulations surrounding HIPAA can be excused by those individuals who do not work directly in the fields and industries that use HIPAA the most, such as medical offices and insurance providers. Ignorance of the new HIPAA regulations by any business as a whole, however, should not be so easily excused. Businesses of any type or form should understand the new regulations surrounding the HIPAA reforms so that they can best, and legally, serve their employees with the proper understanding of online HIPAA training.
Training By undertaking online HIPAA training courses, those industries and businesses that need to inform their employees of the needs of HIPAA, the functionality of HIPAA, and the proper implementation of HIPAA regulations will be able to have an informed and competent work force. Those who choose to not train their employees on the new HIPAA requirements and regulations are not only in possible neglect of federal law, depending on their industry, but are likewise setting their endeavors up for failure should an issue with HIPAA arise. The new changes to HIPAA are more likely to affect those businesses and entities who are covered by HIPAA, including health care providers, health care planners and implementers, and the health care insurance plans of most self-insured employers and clearinghouses. The new changes will likewise affect the business associates of the above mentioned organizations who access the organization’s protected health information, known commonly by its acronym of PHI.
Expanding As a part of those who are affected, one of the changes to HIPAA includes an expanded definition of what constitutes a business associate of the entities covered in HIPAA. The definition of a business associate of a HIPAA compliant organization now includes all subcontractors of the associate to the HIPAA organization who handles in any way the PHI stemming from the before mentioned business associate, even if the subcontractor has an indirect association with the business associate. Other changes that will effect HIPAA covered businesses and organizations include an expanded liability for how business associates and their subcontractors handle PHI moving forward, covered organizations will have to revamp their Notices of Privacy Practices in order to properly reflect their uses and disclosures of the patient’s PHI, and individuals will be able to have certain PHI from being disclosed to health plans if the individual pays in full for the service out of pocket and requests that the care be restricted. With these and other important changes to HIPAA, it is vitally important for both individuals and organizations to learn all they can about the recent alterations to HIPAA. Photo Credit: Wikimedia, Regcompliance