Updates to the Health Insurance Portability and Accountability Act (HIPAA), which took effect on March 26, 2013, include a number of provisions that will affect dermatology practices. Practices and other entities affected had to be in compliance with the final rule by Sept. 23, 2013.
Among the provisions that affect dermatology practices is one that requires any improper use or disclosure of personal health information to be considered a breach that triggers official notification requirements, unless the organization in question carries out a risk assessment and determines otherwise.
In addition, the final rule:
- Extends the requirements of the privacy and security rules to physicians' business associates and their subcontractors;
- Establishes new limitations on the use of personal health information for marketing and fund-raising purposes;
- Prohibits the sale of a patient's personal health information without specific individual authorization to do so;
- Expands patients' rights to request and receive electronic copies of their personal health information; and
- Broadens patients' ability to restrict, in some instances, disclosure of their personal health information to health insurance plans.
Use the flowchart below to determine whether the person or organization is a HIPAA-covered entity.
Below is a more detailed list of those who fall under the covered entity category under HIPAA. Covered entities can fall into one or more of the following three categories:
*List not inclusive; other vendors may be affected. “Business associate” refers specifically to a person or organization that conducts business with the covered entity that involves the use or disclosure of individually identifiable health information.
For more information about HIPAA, visit the U.S. Department of Health & Human Services website.