The US Department of Health and Human Services (HHS) recently announced new changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The new rules take effect on March 26, 2013 and providers and business associates are required to comply with the applicable requirements by September 23, 2013. The highlights of the new rule are as follows:
The Business Associate Agreement
If you are in healthcare and do business with anyone (excluding patients), you must have revised, signed business associate agreements (BAAs). Here’s a link to a sample BAA
Forget trying to figure out if you’ll disclose information to them or they might have access to information. The guy who fixes your copier? He signs it. The window washer? He signs it.
These business associate contracts must be updated to reflect the new rule. Revised business associate contracts must be dated after January 25, 2013 and must be completed and signed by September 23, 2013.
Notice of Privacy Practices
Update your Notice of Privacy Practices to reflect the provisions of the new rule. Revised Notices of Privacy Practices must be dated after January 25, 2013 and must be completed and signed by September 23, 2013.
HIPAA Security Policy
You must have a HIPAA security policy in place, including a HITECH breach notification policy and process.
You must have a HIPAA process for your practice and a training program for your employees. And you must document the training that takes place.
Yup, here’s the biggie… marketing authorization forms
Audiology practices must have a patient sign a marketing authorization prior to sending any third-party marketing materials to their patients; the most conservative guidance would be that all audiology practices have all of their patients complete a marketing authorization and that, without this authorization, the patient is removed from any marketing communication until this authorization is obtained.
And as with all HIPAA updates we provide, please remember we are not the ones setting the policy…just explaining it, no matter how insanely ridiculous, costly and next to impossible to implement it may be.