Wednesday, September 18, 2013

OCR, ONC Release Model Notices for HIPAA Compliance


Two HHS agencies have released model notices that health care providers can use to comply with new HIPAA privacy and security rules that take effect in less than a week, Health Data Management reports (Goedert, Health Data Management, 9/16).


The final HIPAA omnibus rule -- which includes four final rules that implement tougher privacy and security provisions -- was called for under the 2009 federal economic stimulus package's HITECH Act and the Genetic Information Nondiscrimination Act. The rules:
  • Clarify when breaches must be reported to HHS' Office for Civil Rights;
  • Establish new standards for the use of patient-identifiable information for fundraising and marketing;
  • Expand liability to "business associates" of hospitals and other "HIPAA-covered entities," such as data miners and health IT service providers; and
  • Raise the maximum penalty for noncompliance to $1.5 million per violation.
The new federal privacy and security regulations will take effect Sept. 23 (iHealthBeat, 9/10).

Details of Models

The examples were developed by HHS' Office for Civil Rights and the Office of the National Coordinator for Health IT.
OCR and ONC released the model notices in three formats:
  • A booklet;
  • A layered notice with a summary of the information on the first page and full content on additional pages; and
  • A notice with the design elements of a booklet, but formatted for full-page presentation.
Covered entities also can download a text-only version (Miliard, Healthcare IT News, 9/17).
