Warning- Warning- Warning
The date of enforcement for the new HIPAA Final Omnibus rule is drawing near. Fines for non-compliance of HIPAA restrictions will start this September 23rd- for all 563 pages of healthcare marketing and health communication regulations.
Under the Health Insurance Portabiity and Accountabiity Act of 1996 (HIPAA) security of patient information is spelled out and addresses the associated actions of health marketing, fundraising and communications.
Stiffer changes have been made, strengthening patient rights and upholding the prohibition of disclosures by all healthcare providers, medical staff, medical insurance agents and other third-party businesses related to the patient’s care (e.g. medical transcription services)
Before marketing products or health services outside the scope of a patient’s specific treatment, patients must give a written authorization. Hospitals can communicate with patients about services when they are either included or enhance the patient’s plan.
New changes include:
- Adding subcontractors to the category of business associates, thereby requiring the same written contracts with the subcontractors as is done with the business associates
- Applying privacy rule provisions to all business associates
- A change to the meaning of “marketing” with a specific list of approved promotional activities
- mandates that covered entities get authorization from patients for any disclosure of information (except for health exchanges)
Quite simply, you can not share patient’s information with anyone that the patient has not first designated and signed authorization. You can not disclose anything about the patient to others. The fines will be exorbitant and becoming a test case for enforcement of the law is a nightmare you need to avoid!
I’ll keep you posted on any changes to HIPAA as they develop. Sign up in the opt-in box at the top left corner of this page so that you don’t miss any important information as it comes up. See you at the next post!