Overall, the new rule gives more clarity on the definition of a covered entity or BA, the responsibilities of each, and all punishments associated with lack of compliance. The basic guidelines of the privacy rules did not change; covered entities or BAs must still have a compliance plan, a designated compliance officer, education, analysis of gaps and privacy notices for patients and their family members. Changes to the rule give more definition of compliance, culpability and correction, and physician practices will need to reassess their efforts through the rest of this year to avoid unexpected fines or punishment due to any violation or noncompliance.
For questions or additional information on the HIPAA privacy rule, contact Antanya Chung at [email protected] or 404-633-3777 x818. To view the entire privacy rule, as well as guidance and additional materials, visit the CMS website at go.cms.gov/1pq9u1P.