HIPAA Omnibus Rule Notice of Privacy Practices Must be Updated this Month
September 23, 2013 is the date that medical practices and other covered entities must update their Notice of Privacy Practices (NPP) to patients in order to be compliant with the HIPAA Omnibus rule enacted in March 2013. The new NPP should be posted in each office, on the website if one exists, and should be available as a handout for any patient requesting it. The new notice must include:
1. Reasons that Protected Health Information (PHI) can and cannot be disclosed to others.
2. Information for opting-out of communication related to fundraising activities, if the provider does any fundraising.
3. The ability to restrict PHI from payer disclosure when patients pay in cash instead of having the charges filed with insurance. Information about being contacted if there is a breach of PHI due to unsecured records.
4. Expanded rights to electronic copies of medical records (where applicable).
At Vitruvian MedPro we help medical practices stay out of willful neglect by providing HIPAA Compliance consulting services. As part of our HIPAA Compliance consulting services, we help medical practices perform and document a risk analysis. We provide medical practices with a thorough risk management report describing their risks and vulnerabilities with PHI.
A free consultation of 30 minutes or less will let you know whether your practice would be found under willful neglect in the case of an audit.
For more information on Vitruvian MedPro’s HIPAA Compliance kit visit: HIPAA Compliance Kit.
At Vitruvian MedPro, a Massachusetts based medical billing and practice management consulting company, we help medical practices improve cash flow and focus on patient care by providing medical billing, medical coding, and patient collection services. Visit our web site at Vitruvian MedPro