SIGNIFICANT CHANGES TO HIPAA:
THE IMPACT ON NURSING & ASSISTED LIVING FACILITIES
Reference Manual Offered by AHCA / NCAL and Rolf
On January 25, 2013, the Department of Health and Human Services issued significant changes to existing HIPAA regulations that will require substantial changes for long-term care facilities and their business associates. Some key changes include:
- Redefining “business associates” to include subcontractors that create, receive, maintain or transmit PHI on behalf of a business associate;
- Requiring direct liability for business associates who fail to comply with the HIPAA Privacy and Security Rule requirements;
- Placing new limitations on the use and disclosure of PHI for marketing and fundraising;
- Restricting the sale of PHI without authorization;
- Adopting a more objective breach notification threshold and new risk assessment requirements;
- Allowing individuals access to ePHI where requested and providing additional guidance on fee sharing for such electronic access;
- Restricting disclosures of PHI concerning treatment paid in full out of pocket;
- Issuing new guidance regarding disclosures of PHI after an individual’s death;
- Requiring modifications and redistribution of notice of privacy practices; and
- Incorporating the HITECH Act’s increased and tiered civil money penalty structure.
Compliance with these new rules is required no later than September 23, 2013.
To assist our long-term care clients in implementing the operational changes necessary to comply with these new HIPAA requirements, Rolf Goffman Martin Lang LLP, in partnership with the American Health Care Association and the National Center for Assisted Living, has prepared a HIPAA Privacy Reference Manual: A Guide for Nursing Facilities & Assisted Living, available for your purchase at www.AHCAPublications.org. This manual is drafted specifically for long-term care providers, focusing on providing both a clear explanation of the legal requirements, as well as various tools, templates, and policies to guide your facility’s compliance.