US HHS removes most onerous conditions of HIPAA privacy rule, but the rest of HIPAA remains unchanged.

The US Department of Health and Human Services has announced that it will publish the “new” final HIPAA privacy rule, effective August 14. The initial rule, published in 2000, placed a heavy administrative burden on covered entities (mainly medical providers and health plans) to obtain written consent from patients to use their medical information for routine health care delivery, which it defined as “treatment, payment, and health care operations.” The new rule only requires that patients be given a notice of their privacy rights, and medical providers are only required to make a “good faith” effort to obtain patient written consent, which can be difficult when some patients simply refuse to sign anything. It is important to note that although the HIPAA privacy rule has been softened, this in no way affects any of the other HIPAA provisions, such as those regarding electronic data interchange or information security. There has been some amount of “denial” among many health care providers, who hope that HIPAA might just “go away.” Nothing could be further from the truth. As deadlines for HIPAA compliance approach in 2003 and 2004, we expect a great deal of action in the health care industry to upgrade or replace non-compliant systems.
2 comments:
That said, until today (2007), many healthcare organizations are unaware of what exactly the HIPAA rules and regulations are, and/or they don’t want to invest their money to get HIPAA compliant. With the growing incidence of privacy breaches, the compliance authorities should put more effort into bringing awareness about HIPAA compliance and should try to make it easy and cost-effective for organizations to get HIPAA compliant. Very recently I came across one tool which I really find helpful. This tool will help many organizations achieve compliance with multiple regulations. A poster from Symantec that provides a crosswalk between different regulations is a very useful tool. This poster is a crosswalk between: Sarbanes Oxley, HIPAA, Payment Card Industry (PCI), GLBA, NERC standards CIP and PIPEDA (Canada). http://www.compliancehome.com/symantec/
If one needs a deep understanding of HIPAA, more information on HIPAA training, and a HIPAA template suite along with an enterprise contingency plan template suite, which any organization, small or big, can use to meet the compliance requirements of Sarbanes Oxley (SOX), FISMA, ISO 17799 or any other regulation/standard requiring business impact analysis, risk assessment, disaster recovery planning (DRP), a business continuity plan (BCP) and Testing & Revision of Plan, they can discover it at the training-hipaa.net website by following the links given below:
HIPAA Privacy and Security Certification Training
http://www.training-hipaa.net/certification_training/com_privacy_security.htm
Enterprise Contingency Plan Template Suite
http://www.training-hipaa.net/template_suite/enterprise_contingency_plan_template_suite.htm