CLNC® Alert: Sweeping HIPAA Rule Changes

A new 563 page modification to the Health Insurance Portability and Accountability Act (HIPAA) takes effect on March 26, 2013 with compliance by effected parties required by September 23, 2013. This is truly a sweeping rule change and Certified Legal Nurse Consultants should be aware of these changes for both their legal nurse consulting business and nursing practice.

You can read the entire rule change here. Here are a few of the important changes:

  • Business Associates and subcontractors of Covered Entities will be held to the same HIPAA standards as the Covered Entity itself and will be subject to HIPAA compliance audits.
  • Business Associates will have a widened definition including companies that sell, maintain or transmit private health information (PHI).
  • Data breaches of PHI will now be presumed when data is compromised, which requires more reporting and notification to individuals and state authorities of such data breaches by Covered Entities. This is a significant expansion of the notification/reporting requirement and may affect insurance companies and possibly private corporations investigating health or injury-related claims.
  • Patients are now entitled to a copy of their electronic medical record. Previously HIPAA entitled patients to a paper copy, but if the record is maintained by the Covered Entity in electronic format, the patient is entitled to a copy in electronic format. In my opinion, this will be the most interesting development for CLNC® consultants and attorneys as the electronic record will need to be viewed and interpreted. There will also be questions regarding meta-data, actual EMR/EHR formats and readability/usability.
  • Patients may designate in writing that their records be sent to a third-party such as an attorney.
  • If a patients pays out-of-pocket for a treatment they may request that the treatment, etc., NOT be reported to their health plan. This will not only complicate record keeping for the entities doing the testing, but is sure to make insurance companies and health plans take a closer look at what tests a patient may be having and infer what other tests may have also been done. CLNC® consultants should notify your attorney-client that some tests, etc., may not appear in the record from the provider and to request the plaintiff to disclose all providers seen and testing done in order to obtain a complete copy of the record.

The full impact of these rule changes is yet to be understood. HIPAA has been around for some time and attorneys on all sides have determined what they need to do comply and will determine how this rule change applies to their law practices.

Certainly it will impact legal nurse consultants working in the pre-litigation phase with insurance companies, UR organizations and defense firms more so than plaintiff CLNC® consultants who are examining records and PHI with the permission of the patient or affected parties. Remember, once suit is filed, that PHI pretty much becomes public record, but whichever side you’re on, if you have privacy concerns discuss them with your attorney-client to understand the attorney’s expectations.

One thing is for sure, we can expect more explanation of the rule change between now and final implementation.

I’m just sayin’

P.S. Comment on your opinion of HIPAA.

4 thoughts on “CLNC® Alert: Sweeping HIPAA Rule Changes

  1. The HIPAA guidelines are so complicated that it boggles the mind. I attended a webinar last week that was supposed to inform us of these new sweeping changes, but I walked away with the impression that even the instructor didn’t quite get it. If we don’t fully understand the rules, how can we fully obey them? It is a tad overwhelming.

  2. Thanks, Vickie! These are actually exciting changes for us! Especially for those of us who have not used multiple different types of software, and since they keep changing and updating it! I think as long as we respect PHI as before, we will be okay. HIPAA has always been confusing, but I guess the basics are the same.
    The owner of my office building had to get into my office (emergently). I had all records under further lock and key and or password protected. PHEW! I am glad I did not let my guard down nor will I ever!
    We can all use plenty of Tom’s Tech Tips on the best way to TRANSMIT info if there are changes there. (Hint Hint) I have not fully looked into it yet, but I will. As the business grows, so do the responsibilities. I love it!

  3. HIPAA has always been a complex piece of legislation that leads to more and more questions rather than answers.

Leave a Reply

Your email address will not be published. Required fields are marked *

*The opinions and statements made by Vickie Milazzo, the founder of Medical-Legal Consulting Institute, Inc. are based on her experiences and expertise, should not be applied beyond the specific context provided, and do not guaranty or project actual results. Vickie Milazzo is no longer involved in the operations or management of the business, but is involved as an independent education consultant.

Copyright © 1999-2021
All rights reserved.
CLNC® and NACLNC® are registered trademarks of