ENTtoday
  • Home
  • Practice Focus
    • Allergy
    • Facial Plastic/Reconstructive
    • Head and Neck
    • Laryngology
    • Otology/Neurotology
    • Pediatric
    • Rhinology
    • Sleep Medicine
  • Departments
    • Issue Archive
    • TRIO Best Practices
      • Allergy
      • Facial Plastic/Reconstructive
      • Head and Neck
      • Laryngology
      • Otology/Neurotology
      • Pediatric
      • Rhinology
      • Sleep Medicine
    • Career Development
    • Case of the Month
    • Everyday Ethics
    • Health Policy
    • Legal Matters
    • Letter From the Editor
    • Medical Education
    • Online Exclusives
    • Practice Management
    • Resident Focus
    • Rx: Wellness
    • Special Reports
    • Tech Talk
    • Viewpoint
    • What’s Your O.R. Playlist?
  • Literature Reviews
    • Allergy
    • Facial Plastic/Reconstructive
    • Head and Neck
    • Laryngology
    • Otology/Neurotology
    • Pediatric
    • Rhinology
    • Sleep Medicine
  • Multimedia
    • Video
    • Audio
  • Events
    • Featured Events
    • TRIO Meetings
  • Contact Us
    • About Us
    • Editorial Board
    • Triological Society
    • Advertising Staff
    • Subscribe
  • Advertise
    • Place an Ad
    • Classifieds
    • Rate Card
  • Search

HIPAA Expansion: Ensure your practice meets the law’s new provisions

by Steven M. Harris, Esq. • January 1, 2010

  • Tweet
  • Email
Print-Friendly Version

For the privacy rule, the HITECH Act imposes an obligation on both parties to police the compliance of the other party. For example, if a third-party service provider becomes aware of a pattern of activity or practice of the physician that constitutes a material breach of the physician’s obligations under the Business Associate Agreement, the service provider must take reasonable steps to cure the breach. What is a reasonable step will vary with the circumstances and nature of the parties’ relationship. If those steps prove to be unsuccessful in curing the breach, the service provider must either terminate the contract with the physician, if feasible, or report the problem to the Department of Health and Human Services (HHS).

You Might Also Like

  • Department of Health and Human Services’ Final Rule Expands HIPAA Obligations, Violation Penalties
  • Healthcare Providers Must Comply with HIPAA Privacy Practices
  • Omnibus Rule Compliance Deadline Imminent
  • Preparing for Increased HIPAA Audits Among Smaller Providers
Explore This Issue
January 2010

While HIPAA already requires physicians and business associates to enter into a written contract, existing agreements should be reviewed to determine whether they are sufficient under the HITECH Act and should be modified accordingly.

Notification Requirement

The HITECH Act requires covered entities and business associates that access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured PHI to provide notification upon discovering a breach of unsecured PHI. “Breach” is generally defined as the unauthorized acquisition, access, use, or disclosure of unsecured PHI. “Unsecured PHI” is PHI that is not secured through the use of a technology or methodology that renders PHI “unusable, unreadable, or indecipherable to unauthorized individuals.”

A physician who discovers a breach of unsecured PHI should inform the patient; a service provider that discovers a breach of unsecured PHI should notify the physician. In general, the notice must be provided “without unreasonable delay and in no case later than 60 calendar days after the discovery of the breach.”

Beyond HIPAA

The HITECH Act imposes many new requirements on the medical community that were not required under HIPAA. Be sure that you have a Business Associate Agreement in place that complies with the new requirements. For additional information, visit www.hhs.gov.

Disclosures upon Patient Request

The HITECH Act also requires physicians to comply with patient requests to restrict the disclosure of any PHI that pertains to a health care item or service paid out of pocket in full, under certain circumstances.

Accounting of Electronic PHI

In general, HIPAA provides the patient with the right to receive an accounting of any disclosures of his or her PHI. As such, HIPAA requires business associates to make information available to the physician to enable the physician to provide this accounting of disclosures to the patient. Under the HITECH Act, the physician must provide an accounting of the disclosures of PHI made by the physician and either an accounting of the disclosures made by service providers acting on behalf of the physician or a list of all service providers acting on the physician’s behalf, along with their contact information.

Prohibition on the Sale of PHI

The HITECH Act generally prohibits physicians and service providers from receiving remuneration in exchange for a patient’s PHI, unless the physician obtains a valid authorization from the patient. This prohibition is subject to exceptions, however, when the purpose of the exchange is for research, treatment of an individual, payment from a physician to a third-party service provider for activities involving the exchange of PHI, or other reasons determined by HHS.

Penalties and Enforcement

The HITECH Act expands enforcement activities and penalties for violations of the law. In the event of noncompliance, the violating party may be subject to civil monetary penalties ranging from $100 to $1.5 million per violation, depending on the amount of neglect and intent involved.

Pages: 1 2 3 | Single Page

Filed Under: Departments, Health Policy, Legal Matters, Practice Management, Tech Talk Tagged With: finance, healthcare reform, HIPAA, patient safety, policy, Security, technologyIssue: January 2010

You Might Also Like:

  • Department of Health and Human Services’ Final Rule Expands HIPAA Obligations, Violation Penalties
  • Healthcare Providers Must Comply with HIPAA Privacy Practices
  • Omnibus Rule Compliance Deadline Imminent
  • Preparing for Increased HIPAA Audits Among Smaller Providers

The Triological SocietyENTtoday is a publication of The Triological Society.

The Laryngoscope
Ensure you have all the latest research at your fingertips; Subscribe to The Laryngoscope today!

Laryngoscope Investigative Otolaryngology
Open access journal in otolaryngology – head and neck surgery is currently accepting submissions.

Classifieds

View the classified ads »

TRIO Best Practices

View the TRIO Best Practices »

Top Articles for Residents

  • Do Training Programs Give Otolaryngology Residents the Necessary Tools to Do Productive Research?
  • Why More MDs, Medical Residents Are Choosing to Pursue Additional Academic Degrees
  • What Physicians Need to Know about Investing Before Hiring a Financial Advisor
  • Tips to Help You Regain Your Sense of Self
  • Should USMLE Step 1 Change from Numeric Score to Pass/Fail?
  • Popular this Week
  • Most Popular
  • Most Recent
    • The Dramatic Rise in Tongue Tie and Lip Tie Treatment
    • Vertigo in the Elderly: What Does It Mean?
    • New Developments in the Management of Eustachian Tube Dysfunction
    • Experts Delve into Treatment Options for Laryngopharyngeal Reflux
    • Some Laryngopharyngeal Reflux Resists PPI Treatment
    • New Developments in the Management of Eustachian Tube Dysfunction
    • Vertigo in the Elderly: What Does It Mean?
    • Eustachian Tuboplasty: A Potential New Option for Chronic Tube Dysfunction and Patulous Disease
    • Some Laryngopharyngeal Reflux Resists PPI Treatment
    • Post-Tonsillectomy Taste Disorders Rare but Present
    • Study: Artificial Intelligence Can Help Predict Risk of Thyroid Cancer on Ultrasound
    • Nobel Awards for Otolaryngology Research
    • Visual Abstract Competition to Launch at 2020 Triological Society Sections Meeting
    • More Severe OSA Leads to Higher Blood Pressure in Patients with Resistant Hypertension
    • Link Between Hearing and Cognition Begins Earlier Than Once Thought

Polls

Will registry information and data science improve patient care?

View Results

Loading ... Loading ...
  • Polls Archive
  • Home
  • Contact Us
  • Advertise
  • Privacy Policy
  • Terms of Use

Visit: The Triological Society • The Laryngoscope • Laryngoscope Investigative Otolaryngology

Wiley
© 2019 The Triological Society. All Rights Reserved.
ISSN 1559-4939

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
This site uses cookies: Find out more.