Nextech Named 2024 Best in KLAS: Ambulatory Specialty EHR

«  View All Posts


Providers Adjust to new HIPAA Regulations

By: Nextech | October 30th, 2013

Providers Adjust to new HIPAA Regulations Blog Feature

It’s a new day in the medical industry. As of Sept. 23, new changes to Health Insurance Portability and Accountability Act (HIPAA) regulations have been sweeping the healthcare field, forcing physicians to keep a closer eye on the security of protected health information (PHI). The new revisions, also referred to as the “Omnibus Final Rules,” place added pressure on doctors to protect medical records with the threat of stiff fines for violators.

Stemming from the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, the new HIPAA regulations were announced Jan. 17, 2013, by the U.S. Department of Health and Human Services (HHS). The revamping of HIPAA’s rules comes as the federal government continues its push for early adoption of electronic medical records (EHRs). With billions of dollars in incentive payments going toward early EHR adopters, federal legislatures are working to clamp down on security breaches when it comes to PHI. Operating as the enforcers of new HIPAA sanctions, the Office of Civil Rights (OCR) will work to ensure compliance through investigating complaints and conducting audits of businesses and organizations covered by the rules. Doctors found to be outside of compliance could face hefty fines ranging from $100 to $50,000 per violation with a maximum fine of up to $1.5 million in 12 month period.

In addition to other changes, new HIPAA rules:

  • Require updates to Notice of Privacy Practices (NPP) documents and their redistribution to patients
  • Strengthen limitations on the use of personal health information for marketing and fundraising purposes
  • Give patients more access to health records by allowing them to request electronic copies of their healthcare information and requiring doctors to send the requested information within 30 days
  • Allow patients to restrict care information to insurance companies regarding treatment paid out-of-pocket by the patient
  • Requires practices to review policies and procedures for what to do if PHI is lost, stolen or unlawfully disclosed
  • Put business associates of covered entities directly at fault if compliance with certain regulations is not met
  • Require physicians to encrypt PHI, preventing it from being used if lost or stolen
  • Mandate that all staff members are properly trained and up-to-date on rule changes

For more information on changes to HIPAA and how to protect your practice, Click Here.