Part B Insider (Multispecialty) Coding Alert

PRIVACY:

Be Prepared -- Stimulus Plan Strengthens HIPAA Rules

Many HIPAA regulations are now applicable to your practice's business associates.

If you've been lax on overseeing your HIPAA compliance, now is the time to shore up those processes.

The government's stimulus bill,known as the "American Recovery and Reinvestment Act of 2009" (ARRA), strengthens the HIPAA requirements that practices face,increasing penalties for privacy breaches, and creating restrictions on how you can share protected health information.

Important: The bill will require your practice's business associates to implement policies that establish administrative and technical safeguards; those associates could face fines or penalties if they breach the HIPAA rules.

"ARRA does not distinguish among business associates," says Edward Leeds, Esq. with Ballard,Spahr, Andrews & Ingersoll in Philadelphia. "To the extent that ARRA applies the privacy and security rules to any business associate, it applies them to all business associates,"he says.

The catch: "ARRA does not apply all HIPAA requirements to business associates," Leeds says."That would effectively convert them into covered entities, and ARRA does not follow that path."

In a nutshell, Leeds says, "ARRA does make virtually all of the security requirements contained in the HIPAA regulations applicable to business associates but is more selective with respect to the application of the privacy rules."

Bottom line: "The stimulus package rule extends many of the obligations formerly only applicable to covered entities to all business associates,"says Stephen L. Page, Esq. of Waller, Lansden, Dortch & Davis in Nashville.

Guidance: Look for the Dept. of Health and Human Services to issue guidance on the HIPAA requirements on a regular basis, Page says.

To read the full text of the stimulus plan, visit http://thomas.loc.gov/home/approp/app09.html.

Other Articles in this issue of

Part B Insider (Multispecialty) Coding Alert

View All