HITECH/HIPAA Changes
Privacy-Security Champ Meeting, February 10, 2010
• Fundraising: Clear opt-out information. Effective 2/2010
• Marketing: Additional restrictions on communication where entity is paid for communication. Effective 2/2010
• Sale of PHI: No direct or indirect remuneration in exchange for PHI, unless the individual signed an authorization; certain exceptions. Regs pending; enforcement 6 mos. later.
• Minimum Necessary: Covered entity must limit PHI to limited data set, or, if necessary, to minimum necessary. Effective 2/2010
• Accounting for TPO Disclosures: If covered entity maintains an electronic health record (EHR), an accounting of disclosures for TPO for the three years prior to the request. Effective Date: Depends on CE’s adoption of EHR (anticipated, 2014)
• Right to Electronic Access: If covered entity uses an EHR, individual has a right to a copy of his PHI in electronic format. Effective 2/2010
• Right to Restriction: Covered entity must comply with individual’s request for restriction if disclosure: (1) is to health plan for payment or health care operations and (2) pertains to item/service that patient paid for “out-of-pocket.” Effective 2/2010
• Business Associates: Liable for compliance with Security Rule and uses and disclosures under Privacy Rule; HIEs, certain PHR and others transmitting data are business associates. Effective 2/2010
• Notice of Privacy Practices: New Privacy Notice. EVERY patient must receive a copy of the new one, as if they were a new patient. Effective 2/17/2010
• Acknowledgement Forms: Form is the SAME! New procedure: Do NOT send them to Privacy Office anymore! Attach them to face sheet and send to Health Information for scanning into patient record. Effective 2/17/2010