Business
Upcoming HIPAA changes catching some unaware
■ Expansions to privacy and security rules, mostly affecting business associates, go into effect next year.
By Pamela Lewis Dolan — Posted Dec. 11, 2009
- WITH THIS STORY:
- » Related content
Some hospitals and others that will be impacted by changes to the Health Insurance Portability and Accountability Act don't know that rule changes are set to go into effect in 2010, a recent survey found.
The Healthcare Information and Management Systems Society conducted a survey of 150 hospital information technology executives and 26 business associate firms. Under HIPAA, business associates are any organizations that handle patient health information for purposes other than treating patients.
The survey found a third of the business associates were unaware that HIPAA privacy and security requirements had been extended to cover their organizations.
The survey, commissioned by ID Experts, a data breach prevention company headquartered in Beaverton, Ore., was conducted both by telephone and online in August and September.
Only 42% of the business associates interviewed said they were aware that beginning in 2010, consumers are guaranteed prompt access to an electronic copy of their own health records. Sixty-eight percent of the health care organizations interviewed were aware of this change.
Fifty percent of business associates and 67% of health care organizations were aware that individuals could restrict disclosure of their records when they pay for their own medical services.
Of the survey respondents, 57% said they would renegotiate contracts with business associates. Another half said they would monitor their business associates' performance when it comes to security issues. Forty-seven percent said they would terminate agreements in the event of a breach.