Tuesday, May 21, 2013

Tools for the Trade: Understanding HIPAA


As a result of the intricate details and requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), it comes as no surprise that HIPAA Privacy and Security Rules can cause challenges and confusion for even the most sophisticated providers. With this in mind, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) has recently provided tools meant to educate both consumers and providers on HIPAA.

Before OCR published this guidance on HIPAA and HITECH on its website, consumers (i.e., patients) routinely accepted and signed HIPAA Notices of Privacy Practice without understanding what rights HIPAA protects.  As a result, OCR aimed to familiarize consumers with their health information privacy and security rights by posting factsheets (available in eight languages) on their website. With this new online guidance, patients may come into a provider’s facility more informed and educated about their privacy rights and may demand greater privacy protections from their provider.  Thus, the OCR guidance could potentially change the privacy expectations of patients.

However, consumers are not the only parties that the OCR seeks to educate and inform about HIPAA privacy and security.  OCR has also posted lots of informational resources for providers. The OCR offers general information on 16 topics and training materials.  However, OCR’s educational and informational resources are very general and only provide an overview of certain topics.

For providers in small practices, OCR created a YouTube video, The HIPAA Security Rule, that provides an overview of how to establish basic security safeguards to protect patient health information.  Additionally, there are three new Medscape modules on HIPAA compliance.  These Medscape modules offer free Continuing Medical Education credits for physicians and other healthcare professionals. These modules are purely educational and are intended to help providers brush up on HIPAA Privacy and Security Rules. However, it is unclear if these modules will be updated whenever a HIPAA regulation or law changes.

While the factsheets and videos offer valuable guidance, they are not a substitute for legal advice, especially with the changing regulatory and legal environment, and will not apply to all incidents your facility may encounter.

Emily M. Hord
ehord@mmlk.com
McBrayer, McGinnis, Leslie & Kirkland, PLLC
Lexington, Kentucky

No comments:

Post a Comment