HIPAA Privacy and Security Compliance Manuals
HIPAA requires all covered entities, such as physicians, health clinics, hospitals, laboratories, and pharmacies, develop and implement HIPAA Privacy and Security Compliance Manuals. Because this is no small task, template manuals have been developed for pediatric practices. AAP members may download them for free.
A brief overview on the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and its implication on the privacy provisions of HIPAA.
Because pediatricians and pediatric practices are considered Covered Entities, they must know and meet all the relevant requirements under HIPAA. Understanding what it means to be a Covered Entity is essential to being HIPAA compliant, and particularly important now that HIPAA is being more rigorously enforced.
HIPAA requires pediatric practices and other Covered Entities to identify its Business Associates--other people or entities that are involved in the use or disclosure of protected health information on behalf of the Covered Entity. These Business Associate Agreements have been around since HIPAA was first implemented, but must be revised to comply with additional provisions imposed by the HITECH Act.
Breaches of Protected Health Information
A major change to HIPAA compliance is the significant toughening of data breach of protected health information notification laws, which now not only impose larger fines and require more extensive public notifications when data is lost, but also apply to a health care provider's Business Associates.
Parental access to their child's or adolescent's protected health information is a complex issue. Pediatricians and relevant medical office personal need to understand these complexities and take appropriate steps to incorporate these factors in HIPAA policies and procedures and day-to-day operations.
Failure to comply with HIPAA can result in civil and criminal penalties. Under new enforcement provisions from the Health Information Technology for Economic and Clinical Health (HITECH) Act, enforcement provisions have been strengthened. Not only are physician offices and other Covered Entities being subjected to HIPAA investigations by the Office for Civil Rights (OCR) from health care consumers lodging complaints, other events can trigger OCR action.
Destruction of Protected Health Information
This article provides guidance on the destruction of health information for all healthcare settings including medical offices.