HIPAA Update

The US Department of Health and Human Services (HHS) recently announced new changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The new rules take effect on March 26, 2013 and providers and business associates are required to comply with the applicable requirements by September 23, 2013.  The highlights of the new rule are as follows:

The Business Associate Agreement

If you are in healthcare and do business with anyone (excluding patients) you must have revised, signed business associate agreements (BAA) ‘s.  Here’s a link to a sample BAA

Forget trying to figure out if you’ll disclose information to them or they might have access to information.  The guy who fixes your copier?  He signs it.  The window washer?  He signs it.

These business associate contracts must be updated to reflect the new rule. Revised business associate contracts must be dated after January 25, 2013 and must be completed and signed by September 23, 2013.

Notice of Privacy Practices

Update your Notice of Privacy Practices to reflect the provisions of the new rule. Revised Notices of Privacy Practices must be dated after January 25, 2013 and must be completed and signed by September 23, 2013.

HIPAA Security Policy

You must have a HIPAA security policy in place, including a HITECH breach notification policy and process.

You must have a HIPAA process for their practice and a training program for their employees.  And you must document the training that takes place.


Yup, here’s the biggie….marketing authorization forms

Audiology practices must have a patient sign a marketing authorization prior to sending any third-party marketing materials to their patients; the most conservative guidance would be that all audiology practices have all of their patients complete a marketing authorization and that, without this authorization, the patient is removed from any marketing communication until this authorization is obtained.

And as with all HIPAA updates we provide, please remember we are not the ones setting the policy…just explaining it, no matter how insanely ridiculous, costly and next to impossible to implement it may be.


About The Author

Robbie Bright-Poole

Robbie Ann Bright-Poole is currently the President and one of the founders of Oracle Hearing Group. Mrs. Poole opened her Audiology practice, Bright Hearing Center, in 1989. The success of her practice afforded her the opportunity to mentor others seeking a similar measure of success. She sold her practice and decided to make mentoring others in the field of Audiology a full-time business. Oracle Hearing Group obtained its first client in 2004. In addition to overseeing the day to day running of the Oracle she is the primarily responsible for the creation of the enormous amount of content that is at the disposal of each Oracle client.

2 thoughts on “HIPAA Update

  1. Robbie, are we required to have a BA agreement signed with individual physicians or groups, hospitals, clinics, social workers or other audiologists with whom we exchange PHI such as audiograms and medical history, med lists, referrals etc. via fax, email, regular mail or over the phone? If so, who becomes the business associate and who is the covered entity?

Leave a Reply

Your email address will not be published. Required fields are marked *