HIPAA Privacy Deadline Fast Approaching

Compliance Changes Effective September 23

Just when you thought your office or company had HIPAA privacy compliance down, the rules are changing again. Technically, the rules changed in March, but the deadline for implementation of updated HIPAA privacy rules is September 23. There are three major changes, one of which addresses electronic data transmission. The other changes impact business partner agreements and the Notice of Privacy Practices.

Covered Entity Agreements

Providers who share protected health information with other entities need to have HIPAA-compliant agreements with those entities on file. Covered entities include all providers that transmit electronic health information, health insurance plans, pharmacies, and health care clearinghouses. If you aren’t eligible for an extension, you’ll need updated agreements signed prior to the September 23 deadline.

Notice of Privacy Practices

Under the new rule, patients can request electronic medical records or limit the amount of information providers share with health plans when a patient pays out of pocket. In addition to training your staff about new privacy rules, you’ll have to update the Notice of Privacy Practices (NPP) you give to all patients. It’s a good idea to have all your patients, old and new, sign and receive an updated NPP.

Maintaining HIPAA Privacy Compliance

Protecting confidential medical records is becoming a complex process. With electronic records, mobile access, and patients wanting information via hard copy and email, there are many channels to keep up with. Simplifying the way you deal with hard copy records and documents is a first step to creating HIPAA-compliant processes. No matter what size your office is, you need a retention and destruction plan for physical documents. Know how long you have to keep each item, and don’t sit on out-of-date documents.

Extra paper takes up expensive space, and the longer you keep something, the greater your risk of noncompliance. Instead, build a relationship with a local record archive and shredding company (like us). We recommend archiving records at least once a quarter and having old documents shredded at least once a year.