Health Care HIPAA Changes

Health Care HIPAA Changes

The changes to patient privacy rules released in January of this year were required by September Polk  & Associates23, 2013. Here are some of the top issues of which to be aware in order to be in compliance:


  • The definition of “breach” (as it pertains to HIPAA) has been broadened. Be sure to familiarize yourself with this distinction.
  • The definition of “marketing” has been revised, and transactions that require patient authorization have been expanded.
  • The Business Associates category has been expanded to include patient safety organizations, health information exchanges, subcontractors of other business associates, and some personal health record vendors—all of whom must have a current business associate agreement (BAA) on file.
  • Business associates are directly liable under HIPAA security rule and for some provisions of the privacy rule. BAAs entered into after 9/23/13 must be updated to reflect these changes.
  • With limited exceptions, the sale of protected health information (PHI) is banned.
  • There is now greater flexibility on the use of PHI for research.
  • Changes have been implemented in regards to the release of information on deceased patients.
  • Student immunization records may be released to schools without authorization provided the school is required by law to have proof of immunizations in order to admit the child, and a parent, guardian or other person acting in loco parentis has agreed to the disclosure. The agreement may be obtained orally or in writing, and need not be signed or contain the other elements required in a formal, written HIPAA authorization. It should, however, be documented in the medical record if oral.
  • If requested, patients are entitled to an electronic copy of their records (if electronic). Also, a copy must also be provided to a third party if requested by the patient.
  • You must comply if your patient pays for services out of pocket, and requests that claims are not filed with their third-party payer.
  • Your Notice of Privacy Practices must be updated to reflect patients’ expanded rights under HIPAA. You must now re-distribute the Notice of Privacy Practice (NPP) to patients and have them acknowledge receipt.


There are many changes to familiarize yourself. If you have any questions, feel free to contact your Polk representative.

Leave a Comment

You must be logged in to post a comment.