The MedSafe Compliance Corner

The Department of Health and Human Services has finally come out with their final ruling on the Omnibus HIPAA mega rule.  This has felt like a long time coming, but the new provisions provide no big surprises.  MedSafe will be working with all of our HIPAA clients to get you up to speed and deliver the necessary changes for your manuals. 

With few exceptions, patients have the right to inspect and copy their medical information, but with the strict laws that govern protected health information (PHI), it is important for health care providers to understand proper procedures and rules that govern the release of medical records.

The Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) protects patient health information, but allows release of medical records under certain circumstances, one of which is the safe harbor rule of de-identified information. But what exactly constitutes de-identified information?

• New Pertussis Vaccine Is Less Effective
• HHS Investigation Tests HIPAA
• Second Worst Year for West Nile Virus
• Diet and Exercise Not Helpful in Preventing Heart Attacks For Type 2 Diabetics
• Boys Entering Puberty Earlier

New Pertussis Vaccine Is Less Effective

There are few words in the English language that evoke such fear and panic as “IRS audit,” but concern over payroll taxes and retirement funds are not the only reasons to worry. Releasing records that contain patient protected health information (PHI) could violate HIPAA regulations.

• Supreme Court Upholds Healthcare Reform Act
• Alaska Medicaid Pays $1.7 Million for HIPAA Violations
• CDC Bringing HIV Testing to Pharmacies
• First Weight Loss Drug in More Than a Decade Approved by FDA
• Hospital Faces Lawsuits Over Hepatitis C Outbreak
• Healthcare Will Need 5.6 Million New Jobs by 2020 to Meet Demand
  

Supreme Court Upholds Healthcare Reform Act

With over 400 major breaches of health care information reported to federal authorities since the HIPAA breach notification rule went into effect in 2009, the Department of Health and Human Services (HHS) is looking to impose greater financial penalties on practices that fail to comply with HIPAA rules. Recently, Blue Cross Blue Shield of Tennessee reached a $1.5 million settlement for an incident which involved the theft of 57 unencrypted computer hard drives, affecting close to one million individuals. With a proposed $2 million budget cut for fiscal 2013, HHS is planning to use money recouped through beach-related fines to help fund ongoing enforcement. Leon Rodriguez, Director of HHS, stated, “We’re going to use as much of the money as we can to increase our enforcement capacity, especially…to move us from a complaint-driven enforcement environment to more of an affirmative enforcement environment.”

With breaches of protected health care information reported nearly every day in the news, the one word that keeps popping up is “encryption.” The fact that a laptop or hard drive was lost or stolen isn’t the problem; the problem is that the data on these devices was not encrypted.

This week, In The Know, looks at the following news stories: CMS To Consider New Deadline for ICD-10 Deadline; Record Amount of $4.1 Billion Recovered in Health Care Fraud; Proposed Budget Increase for HHS, but Decrease for HIPAA Enforcement; Nurses Have Greater Risk of Miscarriages from Hazardous Substances at Work; Plain-Language Regulations Issued for Health Insurance Plans.

With confusion surrounding some of the HIPAA Rules, this short quiz may help you understand some finer points. If you missed last week’s quiz, click here for Part I. Then take this week’s quiz to see how you fare.