Sunday, March 27, 2011

An Important Update on HIPAA

Over a year ago, an important update to HIPAA occurred and few medical practices and vendors have made adjustments to there operations as a result.  For the first time, HIPAA now is also enforced against the vendors of a medical practice.  HIPAA addresses protection of certain Protected Health Information (PHI) of patients.

Historically the duty of protecting the information and the fines and penalties for a violation were the sole duty of the medical practice. However, new legislation signed into law in 2009 and made effective February of 2010 now places a duty on the business vendors of a medical practice too.

It is now important (if not required) that a medical practice have a Business Associate Agreement in place with business vendors who have access to the PHI.  Examples of this would be computer software vendors, outside marketing firms, staff that is not directly employed by the physician practice (such as in many medical spas in which spa personnel schedule appointments or handle check in an check out), even janitorial if there is a possibility of them accessing PHI, pharmaceutical reps..and many more.

In my experience, practices are not adopting new Business Associate Agreements and this is vital.  Business vendors are not doing it either - however they are likely to be unaware of the need for them.  In my opinion, changes in patient intake forms should be adopted as well as a result of this new law.

No comments:

Post a Comment