The new HIPAA regulations are here and providers are being hit with million dollar settlements as the government gears up for its biggest round of HIPAA audits in 2015.  The big question is, are you ready?  Recent HIPAA settlements reveal that simply updating your Notice of Privacy Practices (NPP) and business associate agreements (BAA) isn’t going to cut it. 

Here Are 3 Things You Must Know for 2015:

1. Phase 2 HIPAA Audits to Begin in 2015

The Office for Civil Rights (OCR) is set for a new round of HIPAA audits in 2015 (Phase 2 HIPAA Audits) and this time they are auditing business associates along with covered health care providers.  Providers will be audited on the Privacy, Security and Breach Notification Rules and business associates will be subject to a Security audit. 

2. Percentage of HIPAA Penalties and Settlements Will Soon Go to  Harmed Individuals

OCR is working on a Rule that would establish a way for a percentage of civil money penalties and monetary settlement amounts to go to individuals who are harmed by HIPAA violations.  This could drastically increase the number of HIPAA-related complaints from individuals, and it may increase penalty and settlement amounts considerably.   

3. Final Rule on Accounting for Disclosures of PHI

We are still awaiting a final version of a proposed rule issued back on May 31, 2011 that would change the HIPAA accounting rule.  Right now, patients can request an “accounting of disclosures” of their PHI made over the past 6 years.  But, disclosures for treatment, payment and health care operations (TPO) do not currently have to be included in the accounting.  The proposed rule would require an accounting of TPO disclosures made from electronic health records during the last 3 years, and it would require agencies to provide patients with an “access report” (which is like an audit log) indicating: who accessed their electronic PHI, when they accessed it, and the reason for access.  The “access report” requirement drew a lot of criticism from providers, and OCR says it’s still evaluating whether it will keep that requirement in any final rule. 

What’s Your Plan of Action? – We’ve Got Solutions!

Get HIPAA Certified   

Sometimes, the best defense against government enforcement is a good offense.  The Certified Ambulance Privacy Officer (CAPO™) program covers everything from dealing with requests for health information to securing data on your mobile devices.  Click HERE for a CAPO™ course outline. 

Join us March 10-11, 2015 for the First CAPO Program in the Nation!

PWW HIPAA Products

We offer 3 exclusive solutions that contain all the tools you need to comply with the new HIPAA rules.