1. The definition of "business associate" has been expanded to include entities that provide data transmission services or that have access to PHI on a regular basis.
2. Business associates can now be audited directly by the Department of Health and Human Services and can be fined for HIPAA violations. Before the Stimulus, covered entities were responsible for making sure their business associates were compliant with the HIPAA laws.
3. Under the new laws, a covered entity must inform an individual of any security breach involving that person's PHI. Under the old laws, there was no requirement to notify individuals.
4. The Stimulus requires covered entities to comply with an individual's request to limit disclosure of his or her PHI. Before the Stimulus, the covered entity did not have to honor that request. The Stimulus does have exceptions for payment matters, where an individual cannot limit disclosure of his or her PHI.
5. If the covered entity keeps electronic medical records, it must, if requested, provide the individual with access to his or her records in electronic format.
The above are just a few of the changes to the HIPAA law buried within the Stimulus Package.