HIPAA privacy rules detailed in AMA online guide
■ The resource tool will explain new security regulations and lay out deadlines for compliance.
By Pamela Lewis Dolan — Posted March 9, 2010
The American Medical Association has launched an online resource to help physicians make sense of the privacy and security rules that were created under the 2009 stimulus package.
The new rules, portions of which went into effect in September 2009, not only added teeth to Health Insurance Portability and Accountability Act regulations but also added procedures that all physician offices must have in place to comply.
The revised HIPAA rules created a three-tiered penalty structure that includes fines up to a maximum of $50,000 per violation, up to $1.5 million annually.
As of Feb. 22, the Dept. of Health and Human Services started enforcing the breach notification rules, which require practices to notify patients, and possibly the media, of a violation that meets the definition of a breach of patient identifying information.
Additionally, the new privacy rules affect business associates, which will change the way contracts are written between associates and practices. A business associate is any entity -- a health plan, for example -- that receives patient information from a physician in the course of business.
The AMA tool outlines the new requirements regarding the protection of patient information; how to comply with patients' requests to access their information; and the administrative protections physicians must have in place. The site also details the compliance schedule with all relevant deadlines and links to additional information. The resource is available online.
A previous tool details the revised HIPAA laws and the corresponding penalties for non-compliance. It also is available online.
Resources are open to all physicians.