PMI Advises Physician Offices to Verify Compliance with HIPAA Omnibus Rule

SAN ANTONIO - Aug. 1, 2013 - PRLog -- Practice Management Institute (PMI) is urging physician practices to prepare now for an upcoming compliance enforcement deadline that impacts federal privacy requirements and will carry costly penalties.

The Health Insurance Portability and Accountability (HIPAA) Omnibus Rule, enacted in March, includes expanded obligations of physicians and other health care providers to protect patients’ protected health information (PHI). Of note to physicians are the obligations which have been extended to other individuals and companies who, as Business Associates (BA), have access to PHI, and an increase the penalties for violations under any of these obligations.

The Rule aims to further protect patient privacy and safeguard patients’ health information through our digital age with increased protection and control of personal health information and increased accountability for business associates. The Rule encompasses a variety of legislation ranging from expanding individual patient rights to their PHI, to determining the use of PHI for employee training, marketing, fundraising, and researching purposes, and notification plan for breaches. BA relationships and agreements should also be reviewed for compliance, especially those agreements entered before January 25, 2013.  

Requirements needed to comply with the HIPAA Omnibus Rule:

·         Revise BA agreement forms/templates to comply with new Rule and review existing agreements and contractor arrangements to determine compliance.

·         Revise/Modify HIPAA policies and procedures to address response to potential breaches of unsecured PHI.

·         Update and distribute Notices of Privacy Practice.

·         Review restrictions on the use of PHI for marketing, sales, and fundraising.

·         Train employees on new obligations.

An exception to the above requirements includes BA agreements entered before January 25, 2013. These existing agreements remain compliant until changed or renewed, or by September 22, 2014, whichever is sooner.

Enforcement efforts begin September 23, 2013, and the Department of Health and Human Services (HHS) has said it will investigate and penalize covered entities for willful neglect after the deadline with a maximum penalty of up to $1.5 million per violation.

PMI is addressing the new privacy and security ruling in its Privacy and Security Concerns for the Medical Practice live training class offered in hospitals and medical societies across the country and in a live webinar, Privacy and Security Updates for the Medical Practice, August 29, which will focus on physician compliance with the recent HIPAA Omnibus ruling. Information on these programs is available on the PMIMD.com web site.

PMI is the training, networking and credentialing source for medical office professionals. For 30 years, physicians and their staff have looked to PMI for skills that contribute to a more efficient, profitable and compliant office. Classes are hosted in hundreds of the nation’s leading hospitals, medical societies and colleges. PMI awards certification by exam to accomplished medical office coding, reimbursement, compliance, and management professionals.