Text Box: AHIMA has released their results of a survey conducted in January 2005 with healthcare businesses (half hospitals) about how they deal with challenges of the HIPAA regulations. It appears that the main challenge for the Privacy Official today is to educate and train personnel on a regular basis so rules are understood, followed and people do not fall back into the routine of operations. This will also be true for the Security Rule implementation and compliance. The most difficulties for implementing and enforcing the provisions come from: Accounting of disclosures Text Box: Access and release of information to: —> Law enforcement —> Relatives of patients —> Research protocols —> For subpoenas versus court orders Business Associates agreement Numbers show that healthcare personnel perceive that a majority of patients is indifferent (40.7%) to the privacy requirements. 33% are somewhat supportive. Patients to some extent understand their rights and the providers’ responsibilities (63.6%) according to surveyed, still a lot of complaints Text Box: are the result of misunderstandings rather than a violation of the rule. When asked which aspect of the Privacy Rule needs to be changed, providers say that the requirement for accounting of disclosures is the most difficult to deal with and one that has very little value given the small number of actual requests for such accountings. Reference: “The State of HIPAA Privacy and Security Compliance” report, April 2005. American Health Information Management Association. Text Box: ments by the public before the final rule is published. It should determine the penalties for not complying with the Privacy and Security Rules and the processes to become compliant. Comments are due by June 17, 2005. HHS stresses that they are encouraging voluntary compliance through education, cooperation and technical assistance. Matters Text Box: Two years after the effective date of the Privacy Rule, investigation and enforcement are still primarily complaint-based. However, the department of Health and Human Services (HHS) is trying to startup the process of conducting compliance reviews. If violations are found, penalties may be imposed. Therefore a Rule for Enforcement has been proposed on April 18, 2005 and is currently opened to comText Box: should be resolved informally using a corrective action plan if they cannot be taking care of during the initial stage. Only if matters are still not resolved would civil money penalties may be imposed. Amount of civil money penalties could be in the amount of more than $100 for each violation, or in excess of $25,000 for identical violations during a calendar year. Text Box: Compliance challenges for healthcare businesses Text Box: Proposed enforcement rule published

...73.7% of patients are somewhat supportive to indifferent to the Privacy Rule...
Text Box: Page #

Hipaa refresher 2005