HIPAA Notice of Privacy Practices Require Changes by Sept. 23

The HIPAA mega rule published on Jan. 25, 2013 in the Federal Register (78 Fed. Reg. 5566). The rule includes four different final rules that modify the requirements for "covered entities," notably what must be included in the Notice of Privacy Practices that must be posted in medical facilities and provided to patients upon request.

Covered entities are health care providers that transmit health information in electronic transactions directly or through others; clearinghouses; and health plans. 

The mega rule requires covered entities to make changes to the Notice of Privacy Practices by Sept. 23, 2013. For most medical practices, the additions to the Notice are:

• Describe the types of uses and disclosures of protected health information that require an authorization. For example, the Notice must be clear that the patient must authorize the use of their information for marketing by third parties like pharmaceutical companies.
• Clarify that the patient will receive notice of any breach of privacy or security for their protected health information.

The updated Notice must be made available to patients and posted in a clear and prominent location on or after the revision date .

To hear more detail about these changes, participate live in the Searfoss Consulting Group's Gimme 15 Minutes webinar on March 20. Registration is free. Or download the podcast available on March 21 to listen at any time! For the slides used in the presentation, you need to participate live or purchase the archive.

BA Agreements require changes by Sept. 23, 2013

The HIPAA mega rule finalized a number of changes to the privacy and security requirements for medical practices. Get what you really need to know about the new requirements for your business associate (BA) agreements in 15 minutes.

From the Searfoss Consulting Group - only $15 for video, podcast and handouts in this cram session.

Click here to order online for instant access.