Home - About - Contact Toll Free (888) 916-7070

TrustMakers

New Responsibilities
Take the Free Quiz
Change the Font-Size on this pageLargest Article Text SizeLarger Article Text SizeNormal Article Text Size

Email Article Print Article

New Responsibilities For Health Care Providers

By John Dietz - Email Editor

Date : March 24, 2009

Dear Valued Reader,

As the American Recovery & Reinvestment Act (ARRA) plays out, we are learning about the many ways this act is going to change our lives in the next ten years. The ARRA, which was signed on February 17, 2009, also includes major changes to the Health Insurance Portability and Accountability Act of 1996, the bill you know as HIPAA. These changes are going to involve direct liability, mostly for “Business Associates” of “Covered Entities.”

The ARRA extends the privacy obligations of professionals and outlines penalties for violation. The act supports the recovery of individuals who are victim to the many HIPAA violations, such as identity theft. Many of these violations lead back to hospitals and insurance employees who have negligently breached the information, but in some cases involve the theft of proprietary information such as social security numbers. It is assumed that the push for the money and time saving electronic system by the Obama appointed team will further jeopardize the privacy of citizens and their medical records.

If you are in the health care field, you know very well what HIPAA is. If not, HIPAA is what you sign over and over when you go to the doctor’s office, each time renewing the sanctity of your medical records and the privacy that you are due. Most of us are unsuspecting, thinking that these HIPAA documents exist to inform us that it is our right to privacy and the protection of our personal information with medical issues and this is the end of it. The receptionist generally makes it clear that you, as a citizen, get to qualify and determine who has access to your records unless there is a court order to compel the records.

Though this is true, there have been hosts of changes that will make a difference in the event of any violation of your privacy. If you are a physician, hospital employee or medical profession, this certainly increases your liability over the privacy of every patient that you see.

The Office of Civil Rights received 700 complaints in its HIPAA privacy enforcement program in January 2009 totaling 41,807 complaints since the program started in April 2003. OCR received 438 complaints in December 2008.

Of the 11,791 complaints that fell within OCR’s power to act, 7,861 required corrective actions by a Covered Entity. The remaining 3,930 investigations did not uncover a violation. Approximately one-third of the investigations uncovered no violation and 19% of total complaints resulted in changes in the policies and procedures of the Covered Entities.

The new provisions will be effective approximately within a year of the legislation or around February 2010. The major changes for health care professionals occur in Title XIII of ARRA, known as the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Before the Recovery Act, Business Associates, defined as the people who perform any function involving the use of disclosure of the HIPAA Act were not directly liable to the Covered Entities for any civil or criminal penalties of the breach of the contract. Covered entities are health plans, health care clearinghouses, and health care providers who transmit any health information in electronic form in connection with a standard transaction covered by HIPAA.

The new act imposes both civil and criminal penalties for Business Associate violations of the HIPAA Act. Now the Business Associate assumes the same liability as the Covered Entity.

Part of the new act involves the notification of a breach of protected health information. Individuals must be notified personally of every breach within 60 days of the breach. Each Covered Entity involved in a breach of "unsecured" Protected Health Information (PHI) concerning more than 500 individuals will be posted on the Department of Health and Human Services' web site.

The HITECH Act brings authority to the state’s attorney general to bring civil actions in federal court if they have reason to believe one or more of the residents of that state have been violated. The act specifically mentions injunctive relief, monetary penalties and the recovery of attorney fees.

For harmed individuals the penalties are increased and the civil penalties cap has a suggestion of $25,000 to $1.5 million per single violation. The severity of the penalties depend on the cause for the violation and the willful neglect and the violator’s contribution to the breach, with respect to having no knowledge by exercising reason or by recklessness or criminal intent.

For individuals, it means increased ability to recover damages and for health care individuals it means beware!

Until next time,

John

RELATED ARTICLES:

ABOUT THIS EDITOR:

John Dietz is a strategic advisor at Trustmakers.com with a passion for client solutions that can encompass your business, your real estate, and your personal assets. Mr. Dietz serves to educate you on the latest in asset protection planning.

Full Bio - Email John