Earlier this month, the Department of Health and Human Services (HHS) released
three model notices that they have encouraged healthcare providers to
use to inform consumers about how their medical data will be used and
made available under a revised privacy rule that took effect September 23, 2013.
Under HIPAA, healthcare providers are mandated to provide consumers with
a clear and “user-friendly” notice about how providers can
use consumers’ protected healthcare information, as well as how
this information can then be accessed by consumers.
These notices also address new individual rights that are now expanded
in some important ways. For instance, patients can ask for a copy of their
electronic medical record in an electronic form. When individuals pay
by cash they can instruct their provider not to share information about
their treatment with their health plan. Additionally, the final omnibus
rule sets new limits on how information is used and disclosed for marketing
and fundraising purposes and prohibits the sale of an individuals’
health information without their permission.
Lastly, healthcare providers must make its notice available to any person
who asks for it, and the notice must be prominently posted and made available
on any website maintained that provides information about the health care
provider’s customer services or benefits.
These new additions supplement those already in existence, which include
a consumer’s right to request corrections on his/her medical records,
to choose a representative to act on the consumer’s behalf, to file
a complaint if he/her believes her rights have been violated, to obtain
a list of those who have been shared his/her medical records, as well
as other additional rights. Furthermore, it is vital to understand that
healthcare providers are required by law to maintain the privacy and security
of each consumer’s protected health information and to notify the
consumer if a breach occurs.
In light of these recent changes, it is imperative that you are aware of
these new HIPAA requirements and that your current HIPAA notice is in
compliance with federal law. These HHS’ model notices can be accessed
through the following link: http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html.