Rita Bowen, vice president of privacy, compliance and health information management policy, MRO Corp.
As federal regulators intensify their focus on compliance with requirements to provide patients with access to their health information, healthcare organizations need to sort through a variety of emerging challenges, says health information management and privacy expert Rita Bowen.
The Department of Health and Human Services Office for Civil Rights has issued more than a dozen HIPAA settlements - ranging from $3,500 to $160,000 - in cases involving covered entities failing to provide timely access to a patient's requested health information.
Under HIPAA, covered entities must fulfill patients' requests for copies of their health information, in the format of their choice, within 30 days. But under a proposal issued by HHS OCR this month to modify the HIPAA Privacy Rule, that compliance timeframe could potentially be reduced to 15 days (see:
Doctors Worry About Patients Reading Their Clinical Notes (medscape.com)
On November 20, 2020, the Centers for Medicare and Medicaid Services and Office of Inspector General released final rules amending the regulations to the Stark Law and the Anti-Kickback Statute and Beneficiary Inducement Civil Monetary Penalty Law. As part of these final rules, the agencies liberalized the requirements under the existing exception and safe harbor for donations of electronic health record items and services, and created a new exception and safe harbor to allow donations of cybersecurity technology and related services.
IN DEPTH
On November 20, 2020, the US Department of Health & Human Services (HHS) released final rules amending the regulations to the physician self-referral law (Stark Law) (Stark Rule) and the Anti-Kickback Statute (AKS) and Beneficiary Inducement Civil Monetary Penalty Law (collectively, AKS Rule) in connection with HHS’s Regulatory Sprint to Coordinated Care. As part of the Stark Rul
On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Secretary of Health and Human Services (HHS) to consider certain “recognized security practices” of covered entities and business associates when making determinations to issue fines or penalties under the HIPAA Security Rule.
The law defines “recognized security practices” as “the standards, guidelines, best practices, methodologies, procedures, and processes developed under section 2(c)(15) of the [NIST] Act, the approaches promulgated under section 405(d) of the Cybersecurity Act of 2015, and other programs and processes that address cybersecurity and that are developed, recognized, or promulgated through regulations under other statutory authorities.” It is likely that HHS will fur