GFH REPORT: Information to understand the Health Insurance Portability and Accountability Act (HIPAA)?
by Gpa T – March 23rd, 2021
“An informed community is a strong community built on a foundation of rock rather than grains of sand easily shifted by the vehemence of every wave of intention on the road to hell.”
– Thomas Michael
“If you will not fight for right when you can easily win without bloodshed; if you will not fight when your victory is sure and not too costly; you may come to the moment when you will have to fight with all the odds against you and only a precarious chance of survival. There may even be a worse case. You may have to fight when there is no hope of victory, because it is better to perish than to live as slaves.”
― Winston S. Churchill
GFH Report:
(Health Insurance Portability and Accountability Act) HIPAA Journal
https://www.hipaajournal.com/
Excerpt:
What is Considered Protected Health Information Under HIPAA Law?
If you work in healthcare or are considering doing business with healthcare clients that requires access to health data, you will need to know what is considered protected health information under HIPAA law. The HIPAA Security Rule demands that safeguards be implemented to ensure the confidentiality, integrity, and availability of PHI, while the HIPAA Privacy Rule places limits on the uses and disclosures of PHI.
Violate any of the provisions in the HIPAA Privacy and Security Rules and you could be financially penalized. There are even criminal penalties for HIPAA violations. Claiming ignorance of HIPAA law is not a valid defense.
What is Considered Protected Health Information Under HIPAA?
New HIPAA Regulations in 2021
Proposed Changes to the HIPAA Privacy Rule
The proposed new HIPAA regulations announced by OCR in December 2020 are as follows:
* Allowing patients to inspect their PHI in person and take notes or photographs of their PHI.
* Changing the maximum time to provide access to PHI from 30 days to 15 days.
* Requests by individuals to transfer ePHI to a third party will be limited to the ePHI maintained in an EHR.
* Individuals will be permitted to request their PHI be transferred to a personal health application.
* States when individuals should be provided with ePHI at no cost.
* Covered entities will be required to inform individuals that they have the right to obtain or direct copies of their PHI to a third party when a summary of PHI is offered instead of a copy.
* HIPAA-covered entities will be required to post estimated fee schedules on their websites for PHI access and disclosures.
* HIPAA-covered entities will be required to provide individualized estimates of the fees for providing an individual with a copy of their own PHI.
* Pathway created for individuals to direct the sharing of PHI maintained in an EHR among covered entities.
* Healthcare providers and health plans will be required to respond to certain records requests from other covered health care providers and health plans, in cases when an individual directs those entities to do so under the HIPAA Right of Access.
* The requirement for HIPAA covered entities to obtain written confirmation that a Notice of Privacy Practices has been provided has been dropped.
* Covered entities will be allowed to disclose PHI to avert a threat to health or safety when harm is “seriously and reasonably foreseeable.” The current definition is when harm is “serious and imminent.”
* Covered entities will be permitted to make certain uses and disclosures of PHI based on their good faith belief that it is in the best interest of the individual.
* The addition of a minimum necessary standard exception for individual-level care coordination and case management uses and disclosures, regardless of whether the activities constitute treatment or health care operations.
* The definition of healthcare operations has been broadened to cover care coordination and case management.
* The Armed Forces permission to use or disclose PHI to all uniformed services has been expanded.
* A definition has been added for electronic health record.
Recent Changes to HIPAA Enforcement
Excerpt:
Halfway through 2018, OCR had only agreed three settlements with HIPAA covered entities to resolve HIPAA violations and its enforcement actions were at a fraction of the level in the previous two years. It was starting to look like OCR was easing up on its enforcement of compliance with the HIPAA Rules. However, OCR announced many more settlements in the second half of the year and closed 2018 on 10 settlements and one civil monetary penalty – One more penalty than in 2018. 2018 ended up being a record year for HIPAA enforcement. The final total for fines and settlements was $28,683,400, which beat the previous record set in 2016 by 22%.
The failure to conduct comprehensive risk analyses, poor risk management practices, lack of HIPAA policies and procedures, no business associate agreements, impermissible PHI disclosures, and a lack of safeguards all attracted HIPAA fines in 2020.
2020 saw more financial penalties imposed for potential violations of the HIPAA Rules than any other year, with the year closing with 19 settlements totaling $13,554,900.
Penalties for HIPAA Violations Changed in 2019
Excerpt:
One notable HIPAA change that happened in 2019 was an update to the penalties for noncompliance, which were reduced in three of the four penalty tiers. The HITECH Act called for an increase in penalties for noncompliance with HIPAA. At the time, the HHS interpreted the language of the HITECH Act as requiring a cap of $1.5 million for HIPAA violations across all four penalty tiers. In 2019, the requirements of the HITECH Act were reassessed and interpreted differently.
Sources:
(Health Insurance Portability and Accountability Act) HIPAA Journal