New Privacy Practices in Effect September 23rd

As of Monday, September 23rd, long term care facilities must be in compliance with recent amendments to HIPAA and the HITECH Act.  

As previously reported, in January of this year, the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued the long-awaited final privacy and security regulations (Omnibus Rule) under the Health Insurance Portability and Accountability Act (HIPAA) to implement the changes made in 2009 by the Health Information for Economic and Clinical Health Act (HITECH).  The Omnibus Rule was effective on March 26, 2013.  Covered entities (including long term care organizations) and business associates were required to comply by September 23, 2013.  All covered entities must have updated policies, procedures and notices of privacy practices.   

The Omnibus Rule requires covered entities to make changes to their notices of privacy practices.  The OCR and Office of the National Coordinator for Health Information Technology have posted several versions of a model Notice of Privacy Practices (NPP); which serve as templates for compliance with the NPP.  The Omnibus Rule also requires covered entities to amend their business associate agreements. HHS has published a sample form. The Omnibus Rule also requires covered entities to implement policies and procedures to comply with the rules, and to change their policies and procedures as necessary and appropriate to comply with changes in the rule.

Attorney Peter Mellette of Mellette PC has provided another excellent resource to Virginia long term care providers with a Client Alert outlining the requirements and also sample forms that providers may use as templates for the required notices and procedures:

In addition, the American Health Care Association and the National Center for Assisted Living (AHCA & NCAL) has developed an e-book developed especially for long term care providers.  The e-book sells licenses to companies with more than one facility for a discounted price so each administrator can have an individual copy of the relevant information including checklists, templates, and other pertinent material.