Significant new changes to the HIPAA law require dramatic changes to each practice's Privacy and Security Compliance Manual. Those who have not updated their HIPAA manuals to comply with the HITECH requirements, which went into effect in 2013, need to do so right away.
It is an understatement to say that the HITECH Act has changed HIPAA compliance.
The biggest change to HIPAA compliance is the significant toughening of data breach notification requirements, which now not only impose larger fines and require more extensive public notifications when data is lost, but also apply to a health care provider's business associates.
There are many required changes for HIPAA compliance manuals, but here are a few of the most important ones.
Pediatric practices must:
- Update all their Business Associate agreements because of the new data breach provisions and penalties.
- Update their Notice of Privacy Policies to address patient rights to access their medical records and be notified of data breaches.
- Revise their policies and procedures for providing patients access to their medical records.
WARNING: These manuals are templates, meaning they contain sample policies and procedures. Each practice will need to adapt them to align with its specific staffing, technology, and office operations. It is important to remember that HIPAA compliance is more than having a manual on a shelf. The policies, procedures and staff training described in the manual must be incorporated into the practice's daily operations.