On January 25, 2013 the Department of Health and Human Services issued the HIPAA Omnibus Rule, a series of regulations to implement various provisions of the federal law known as the Health Information Technology for Economic and Clinical Health Act (“HITECH”). Included in that rule were requirements affecting Notices of Privacy Practices which healthcare providers and most health plans must adopt and furnish to patients and plan beneficiaries.
All Notices of Privacy Practices must be amended to meet the new requirements. These amendments will constitute material changes to any existing notices. As a result, healthcare providers must post the new notice in a clear and prominent location in their facilities and make the notice available upon request. Health plans must post the new notice prominently on their websites and distribute a copy along with their next annual mailing to plan beneficiaries.
Covered entities (healthcare providers, health plans and healthcare clearing houses) have until September 23, 2013 to be in compliance with the new requirements. Healthcare providers should obtain written acknowledgement from patients upon their next visit that they have been offered the opportunity to review the new notice. Healthcare providers should retain that acknowledgement in the patient’s file.
There will be a variety of sources of Notices of Privacy Practices. Upon request, our healthcare team can assist clients in the development of a customized notice.