Tuesday, May 21, 2013
Tools for the Trade: Understanding HIPAA
Before OCR published this guidance on HIPAA and HITECH on its website, consumers (i.e., patients) routinely accepted and signed HIPAA Notices of Privacy Practice without understanding what rights HIPAA protects. As a result, OCR aimed to familiarize consumers with their health information privacy and security rights by posting factsheets (available in eight languages) on their website. With this new online guidance, patients may come into a provider’s facility more informed and educated about their privacy rights and may demand greater privacy protections from their provider. Thus, the OCR guidance could potentially change the privacy expectations of patients.
However, consumers are not the only parties that the OCR seeks to educate and inform about HIPAA privacy and security. OCR has also posted lots of informational resources for providers. The OCR offers general information on 16 topics and training materials. However, OCR’s educational and informational resources are very general and only provide an overview of certain topics.
For providers in small practices, OCR created a YouTube video, The HIPAA Security Rule, that provides an overview of how to establish basic security safeguards to protect patient health information. Additionally, there are three new Medscape modules on HIPAA compliance. These Medscape modules offer free Continuing Medical Education credits for physicians and other healthcare professionals. These modules are purely educational and are intended to help providers brush up on HIPAA Privacy and Security Rules. However, it is unclear if these modules will be updated whenever a HIPAA regulation or law changes.
While the factsheets and videos offer valuable guidance, they are not a substitute for legal advice, especially with the changing regulatory and legal environment, and will not apply to all incidents your facility may encounter.
Emily M. Hord
McBrayer, McGinnis, Leslie & Kirkland, PLLC