In early 2013, the federal HIPAA Omnibus Rule went info effect, with a compliance date of September 23, 2013. The Rule brings together the requirements of HITECH (Health Information Technology for Economic and Clinical Health Act of 2009) and HIPAA (Health Insurance Portability and Accountability Act) into one Omnibus Rule. The following provisions of the HIPAA Omnibus Rule apply to dental offices:
- Make business associates of covered entities directly liable for compliance with certain of the HIPAA rules’ requirements.
- Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization.
- Expand individuals’ rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
- Require modifications to, and redistribution of, a covered entity’s notice of privacy practices.
- Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others.
- Adopt changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH.
- Require breach notification for unsecured protected health information.
OSHA Review, Inc. a registered continuing education provider in the State of California, specializing in Dental Practice Act, infection control, and Cal/OSHA training. OSHA Review subscribers in California receive updated regulatory compliance and infection control training thorough our bi-monthly newsletter.