Since the passage of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, a number of regulations have followed in an attempt to clarify provisions of the law. Despite these efforts, HIPAA is far from being simple, yet it will continue to affect how business is conducted in the country.
These complex provisions govern many businesses, including healthcare provider services such as:
• Nursing homes
• Physician groups
• Pharmaceutical benefits managers
• Management companies for pharmaceutical, medical devices and disease
• Health plans, insurers and third-party administrators
• Self-insured employee benefit plans
• Business associates such as contractor and vendors
If you own or manage one of those businesses, you will need legal representation that is not only informed about the provisions, but is also uniquely qualified to give advice on the challenges.
The Importance of Protecting Patient Information
Healthcare providers and their business associates handle volumes of patient medical information. They must not violate HIPAA regulations and state privacy laws. This can become complicated because HIPAA has complicated regulatory schemes and requirements that must be met at all times.
Understanding these complicated rules can mean the difference between providing services to patients and providing fines to authoritative agencies that diminish the quality of healthcare services.
Developing policies and procedures that helps to ensure your entity remains compliant with the many regulations is essential.
HIPAA Privacy Provisions
The Privacy Rule in the HIPAA law has restrictions on how protected health information is used and disclosed. Practically all of patients’ health information that your facility creates or maintains is considered protected. The Privacy Rule governs when this protected data can be used within your practice or disclosed to outside entities.
Generally, patients’ protected information is only allowed to be used for treatment, payment for service and operations. Each area has specific meanings on what that looks like within the regulations. When uses are for something other than these three areas, patients must sign an authorization that is based on the requirements in the HIPAA Privacy Regulations.
Certain exceptions apply to the Privacy Rule that allows protected information to be disclosed without obtaining patient authorization when it is required by law. This is true even if disclosing the information is unrelated to treatment, payment or facility operations.
Patients also have certain rights such as inspecting and copying their health records. Other provisions for patients in the Privacy Rule include:
• Requesting an amendment to their health information
• Requesting that certain restrictions be placed on the use and disclosure of their information
• Filing a written complaint with the healthcare provider and government
• Receiving a notice of privacy policies from the facility
Compliance with HIPAA’s Privacy Rule means that you must appoint a HIPAA Privacy Officer who will oversee compliance matters within the facility. In addition, you are also required to maintain written policies and procedures, and make sure your staff is trained on the policies.
An individual or entity that does business with you and may come into contact with patients’ protected health information must enter into a business associate agreement with your facility.
Protect Your Interests with Ongoing Counsel from New Jersey HIPAA Compliance Lawyers
Raiser & Kenniff, PC has strategic New Jersey HIPAA compliance lawyers available to make sure that your facility is consistently compliant with this very important healthcare regulation. Our response is proactive to help you avoid an audit, penalty or fine for not following the rules.
Our goal is to protect your healthcare business from unintended violations through specific services such as:
• Advice on the best approach to respond to data breaches that threaten the security of patient information
• Counsel on HIPAA and other laws related to the protection of patient privacy. This includes federal and state laws, gap analyses and how HIPAA impacts state litigation
• Development of comprehensive analysis and assessment of operational compliance for self-insured employee health plans
• Full-scale assessments of privacy and operational procedures, and advice on developing remediation programs
• Review existing arrangements with third-party businesses that permit access to health information through their operations. This includes agents, independent contractors and vendors
You need experienced legal counsel and our firm has extensive knowledge in HIPAA security issues. We will work diligently to ensure your healthcare facility receives full benefits of this experience.