Health Care Law Blog

Attorney Nicole Stratton was quoted in Physician Risk Management discussing HIPAA regulations in the article below titled "New HIPAA Regs: Proper Privacy Notices Needed."

If physicians don't provide an updated privacy notice as required by new regulations, physicians could be accused of violating HIPAA by the government or the state attorney general. "If you or your office has a Notice of Privacy Practices that has not been updated since January 25, 2013, you need to update it," says Nicole E. Stratton, JD, an attorney at Foster Swift Collins & Smith in Lansing, MI.

Physicians are only required to distribute these new Notices of Privacy Practices to new patients. "However, many are distributing their new Notices of Privacy Practices to current patients as well, so every patient has the latest information about their privacy rights," says Stratton.

Everything in prior Notice of Privacy Practices is still required, along with these additional items:

• Information related to an individual's right to notification after a breach;
• Descriptions of uses and disclosures requiring authorization (such as psychotherapy notes, marketing, and sale of medical information);
• A statement indicating that individuals have a right to restrict certain disclosures of medical information to a health plan where the individual pays for the service entirely out of pocket;
• A statement that individuals have a right to opt out of fundraising communications.

The final regulations made penalties steeper, with the potential of fines of up to $1.5 million for all violations of the same HIPAA requirement or prohibition.

"Additionally, there is no maximum limit on the amount of fines per year. It all depends on how many different kinds of violations are found," says Stratton. 

If you have any questions related to HIPAA compliance please contact your Foster Swift attorney

Source: Physician Risk Management, formerly published by AHC Media, Atlanta. Phone: (800) 688-2421. Email: customerservice@ahcmedia.com.