Live from MGMA: The new privacy deal

Aug. 16, 2011
You know a session is probably going to be good when there isn’t a free seat to be found. That was the case yesterday afternoon, when Gerry Hinkley,

You know a session is probably going to be good when there isn’t a free seat to be found. That was the case yesterday afternoon, when Gerry Hinkley, an attorney, spoke to a packed room about the new HIPAA privacy and security mandates.

Hinkley, who practices with Davis Wright Tremaine LLP in San Francisco, gave an overview of what providers need to do to guard against increased penalties and achieve compliance — an issue that’s extremely timely. “Times are going to get tougher with respect to ARRA,” he said. “The honeymoon we had with HIPAA is over.”

While he covered a lot of ground, some of the key points were as follows:

1. Under the new HITECH rules, self-pay patients can require that covered entities do not disclose protected health information (PHI) to health plans. This, said Hinkley, can get tricky, making it critical that practices have a procedure in place. “It’s going to be a very manual process, regrettably.”

2. Smart providers will get ahead of the game by notifying business associates (BAs) of their legal obligations under HITECH.

3. The requirements surrounding accounting of disclosure are very specific. Providers need to make sure that their EMR vendors can meet the requirements, and should inquire as to how the vendor plans to address them. “This is on the horizon,” he said. “You’ll hear a lot about it in the next year.”

4. The best strategy is to beef up your security so you can prevent breaches from occurring in the first place. “It’s an area that’s going to be ripe for enforcement,” said Hinkley. “Take this very, very seriously.”

5. In a nutshell, providers need to: create a compliance plan; update all policies and procedures; make sure PHIs are secure; put someone in charge of privacy/security who will serve as an expert; provide training for what needs to happen before and after a breach occurs; and conduct a HIPAA tune-up. And, he says, “The time to do this is now, not when someone says, ‘you’ll never guess what happened.’”

For more information on this topic, check out Reece Hirsch’s blog, David Raths’ blog, and HCI’s feature article, High Stakes, which was published in July.

Sponsored Recommendations

Going Beyond the Smart Room: Empowering Nursing & Clinical Staff with Ambient Technology, Observation, and Documentation

Discover how ambient AI technology is revolutionizing nursing workflows and empowering clinical staff at scale. Learn about how Orlando Health implemented innovative strategies...

Enabling efficiencies in patient care and healthcare operations

Labor shortages. Burnout. Gaps in access to care. The healthcare industry has rising patient, caregiver and stakeholder expectations around customer experiences, increasing the...

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

Join us for this April 30th webinar to learn about 2024's State of the Market Report: New Challenges in Health Data Management.

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

2024's State of the Market Report: New Challenges in Health Data Management