This health reform alert summarizes the key changes to the Notice of Privacy Practices ("NPP") requirements in the revised Health Insurance Portability and Accountability Act ("HIPAA") regulations (the "Omnibus Rule") as well as what covered entities need to do to be compliant. Because many covered entities may have modified their NPPs based on the Notice of Proposed Rulemaking issued on July 14, 2010 ("NPRM"), this alert also details the similarities and differences between the NPRM and the Omnibus Rule related to NPPs. In addition, Table 1 of this alert provides a quick summary of the NPRM proposals adopted—or not adopted—by the Omnibus Rule.
As covered entities work toward compliance, they should keep in mind that the Omnibus Rule becomes effective on March 26, 2013, but the deadline for compliance is September 23, 2013.
Key Changes to NPP Content -
1. Description of Uses and Disclosures Requiring Authorization:
In the NPRM, the U.S. Department of Health and Human Services ("HHS") proposed amending 45 C.F.R. § 164.520(b)(1)(ii)(E) of the HIPAA Privacy Rule to require that NPPs include information regarding certain types of uses and disclosures of protected health information ("PHI") that require an authorization under Sections 164.508(a)(2) through (a)(4). These include (1) most uses and disclosures of psychotherapy notes, (2) uses and disclosures of PHI for marketing purposes, and (3) disclosures that constitute a sale of PHI. The NPRM also proposed requiring that a NPP contain a statement that other uses and disclosures not described in the NPP will be made only with an individual's authorization.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.
Topics: Data Protection, HHS, HIPAA, HIPAA Omnibus Rule, Notice Requirements, PHI
Published In: General Business Updates, Health Updates, Privacy Updates, Science, Computers & Technology Updates
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Epstein Becker & Green, P.C. | Attorney Advertising