Changing Rules Under HIPAA/HITECH
Just when everyone began to feel more comfortable with the
rules governing patient privacy and medical record security, the rules are
changing. The Health Insurance Portability and Accountability Act of 1996, or
HIPAA, and its resulting regulations have largely been in effect since April
14, 2003. However, the stakes were raised with the passage of the Health
Information Technology for Economic and Clinical Health Act, commonly referred
to as HITECH, which was part of the American Recovery and Reinvestment Act of
2009. In the past, much criticism was leveled against HIPAA because it appeared
not to go far enough, either in its enforcement efforts or in its regulation of
the thousands of people and entities that have access to or maintain patients'
private medical information. That is now changing, and practitioners, health
care facilities and, in particular, the businesses and persons that handle
patient information under arrangements with practitioners and facilities must
take note. Below are several of the key changes arising out of HITECH:
HITECH directly regulates business associates for the first time. While it does
not subject business associates to all of the obligations of covered entities
(such as providing privacy notices), the statute requires business associates to
comply directly with the HIPAA Security Rule provisions mandating
administrative, physical and technical safeguards, rather than only by contract
with the covered entity as before.
HITECH establishes the first federal breach notification requirement for health
information. It requires covered entities to provide notice of a breach of
unsecured protected health information (PHI) to each affected individual without
unreasonable delay, but in no event later than sixty (60) calendar days from
discovery of the breach. PHI is "unsecured" when it has not been rendered
unusable, unreadable or indecipherable to unauthorized persons by a method
specified in HHS guidance (in practice, encryption or destruction), so an
encrypted laptop that is lost does not by itself trigger these notices, while an
unencrypted one does. There are additional notification requirements, including
notice to HHS and to the media, when more than 500 individuals are involved.
Enforcement is strengthened under HITECH. Greater civil money penalty amounts,
tiered according to the violator's level of culpability, apply to HIPAA Privacy
and Security Rule violations occurring on or after February 18, 2009.
For the first time, patient victims of HIPAA violations will have the
opportunity to share in any penalties imposed against a covered entity. HHS is
required to adopt a methodology for doing so within three years of HITECH's
enactment, a deadline that is now upon us in 2012.
So why should you care about the changing rules? Again, one of the biggest
reasons relates back to the criticism that HIPAA was not going far enough to
deter unpermitted disclosures of patients' private medical information. To
address this issue, HITECH charges the HHS Office for Civil Rights (OCR) with
arranging for mandatory HIPAA audits. HHS is required to implement periodic
audits of compliance with the HIPAA Privacy and Security Rules, and up to 150
random HIPAA compliance audits will be performed by the end of 2012. In the
past, audits were performed only at entities that had been the subject of a
complaint; the new rule calls for audits whether or not there is a complaint.
Entities selected for an audit will be informed by OCR of their selection and
asked to provide documentation of their privacy and security compliance efforts,
so written policies, risk analyses and training records should be current and
readily producible before any such notice arrives. Additionally, every audit
will include a site visit and result in an audit report. Call NPA today to
discuss updating your HIPAA policies and procedures.