The long anticipated final rule and just announced HITECH Act modifications to the HIPAA privacy and security regulations will have far-reaching implications for every patient’s health records. An analysis will be forthcoming from AHIMA, the preeminent not-for-profit association representing the HIM professionals who will be on the front lines implementing the rule.
“The final rule stands to change the practice of healthcare privacy and security as we know it,” said AHIMA’s CEO Lynne Thomas Gordon, MBA, RHIA, CAE, FACHE, FAHIMA. “It is a new era and it begins today. AHIMA will continue to lead the way in helping health information management professionals modify organizational policies and procedures to be compliant with the new rules.”
AHIMA’s leadership is studying the complete text of Health and Human Services Office of Civil Rights rule to interpret its scope. But a few points can be made immediately, including the following:
• Patients have expanded rights to access and restrict disclosure of their health records.
• Several of the security requirements have been expanded with the increased use of EHRs and electronic patient access.
One particular implementation issue AHIMA highlighted is how to manage a patient request to restrict only a portion of his medical records.
“Some other ‘bolt-on’ tracking system will need to be utilized to track and remind staff of a restriction on file,” said AHIMA’s director of HIM solutions Angela Dinh Rose, MHA, RHIA, CHPS.
Other areas the rule covers are the following:
• notifying patients if the security of the health records is breached;
• enforcing HIPAA;
• implementing changes to HIPAA’s privacy and security standards; and
• modifying HIPAA’s privacy rule in accordance with the Genetic Information Nondiscrimination Act.
Live webinars to discuss the rule’s facets will be available for free to AHIMA members and for $59 for nonmembers. Visit ahima.org to find the schedule and registration information.