In the world of HIPAA we have a dizzying array of acronyms to keep straight: HITECH, NPP, PHI, GINA, AFEHCT and on and on… Now, the HIPAA regulators at the U.S. Department of Health and Human Services (HHS) have coined a catchy term for the new HIPAA compliance laws that went into effect this Monday, September 23, 2013: The HIPAA Omnibus Rule.
The HIPAA Omnibus Rule is a more stringent set of standards and regulations which provides stronger privacy rights for patients. The privacy rights are outlined in a new Notice of Privacy Practices (NPP) document which medical providers must give to new patients as of September 23, 2013. New patient rights include the following:
- Patients now have a right to tell their provider to not share information with their health insurer about treatment paid for out of pocket. According to practice management consultant Mary Pat Whaley, these private payments are often for psychiatric or mental health treatment, which patients do not want their insurance plans to know about.
- Stronger regulations are also in place regarding how patient health information may be used and disclosed for marketing and fundraising purposes.
- Privacy regulations now extend to business associates of medical providers, including outsourced billing companies. As a result, we expect third party billing services to become even more cautious and strict regarding the release of patient information in the weeks and months ahead.
As all of us in the world of litigation know, obtaining complete medical records is one of the more difficult and pain-staking aspects of working up the case. We will keep our fingers on the pulse of these developments in the months ahead and we will keep the legal world apprised of any changing requirements regarding authorized access to patient medical and billing records.
For any questions regarding access to medical records under the new HIPAA Omnibus Rule, please feel free to contact MEDRECS, Inc.
In light of these new HIPAA regulations, we suggest that any office or firm that stores or accesses patient medical records provide HIPAA compliance training to staff and personnel on a regular basis. The laws are constantly being updated and the penalties for HIPAA violations continue to become more serious. Links to helpful websites are below.
MEDRECS FAQ Page: http://www.medrecs.com/Home/FAQ
HHS Website: http://www.hhs.gov/ocr/privacy/index.html