The Department of Health and Human Services (HHS) released a final rule that requires companies to comply with a variety of new HIPAA provisions by Sept. 23, 2013.
As a DMEPOS provider, you are probably wondering what all of these new provisions mean for your company. It will be the responsibility of your office staff to begin making all of the necessary updates to applicable HIPAA forms and prepare action items for all of the privacy and security requirements.
The following FAQs should help your staff prepare for these changes.
What has changed with regard to HIPAA?
The new provisions that HHS released in January 2013 address all of the required changes to HIPAA stemming from the Health Information Technology for Economic and Clinical Health Act (HITECH). This Act was passed by Congress in 2009 to not only provide regulations to safeguard electronic health information but also incentivize physicians to adopt electronic health records (EHR) through the meaningful use program. The main changes to HIPAA that home medical equipment companies need to be prepared for include:
- Updated notice of privacy practices form
- Expanded scope of business associate agreements
- Changes to breach notification requirements
- Required patient access to electronic medical records
- Protecting the privacy of self-pay patients’ medical records
- Marketing requirements
- Changes in criminal and monetary penalties for violation of HIPAA