A new 563 page modification to the Health Insurance Portability and Accountability Act (HIPAA) takes effect on March 26, 2013 with compliance by effected parties required by September 23, 2013. This is truly a sweeping rule change and Certified Legal Nurse Consultants should be aware of these changes for both their legal nurse consulting business and nursing practice.
You can read the entire rule change here. Here are a few of the important changes:
- Business Associates and subcontractors of Covered Entities will be held to the same HIPAA standards as the Covered Entity itself and will be subject to HIPAA compliance audits.
- Business Associates will have a widened definition including companies that sell, maintain or transmit private health information (PHI).
- Data breaches of PHI will now be presumed when data is compromised, which requires more reporting and notification to individuals and state authorities of such data breaches by Covered Entities. This is a significant expansion of the notification/reporting requirement and may affect insurance companies and possibly private corporations investigating health or injury-related claims.
- Patients are now entitled to a copy of their electronic medical record. Previously HIPAA entitled patients to a paper copy, but if the record is maintained by the Covered Entity in electronic format, the patient is entitled to a copy in electronic format. In my opinion, this will be the most interesting development for CLNC® consultants and attorneys as the electronic record will need to be viewed and interpreted. There will also be questions regarding meta-data, actual EMR/EHR formats and readability/usability.
- Patients may designate in writing that their records be sent to a third-party such as an attorney.
- If a patients pays out-of-pocket for a treatment they may request that the treatment, etc., NOT be reported to their health plan. This will not only complicate record keeping for the entities doing the testing, but is sure to make insurance companies and health plans take a closer look at what tests a patient may be having and infer what other tests may have also been done. CLNC® consultants should notify your attorney-client that some tests, etc., may not appear in the record from the provider and to request the plaintiff to disclose all providers seen and testing done in order to obtain a complete copy of the record.
The full impact of these rule changes is yet to be understood. HIPAA has been around for some time and attorneys on all sides have determined what they need to do comply and will determine how this rule change applies to their law practices.
Certainly it will impact legal nurse consultants working in the pre-litigation phase with insurance companies, UR organizations and defense firms more so than plaintiff CLNC® consultants who are examining records and PHI with the permission of the patient or affected parties. Remember, once suit is filed, that PHI pretty much becomes public record, but whichever side you’re on, if you have privacy concerns discuss them with your attorney-client to understand the attorney’s expectations.
One thing is for sure, we can expect more explanation of the rule change between now and final implementation.
I’m just sayin’
P.S. Comment on your opinion of HIPAA.