Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.
HIPAA Changes 2020: HHS Privacy and Security
Since 2013, there haven’t been any significant changes or HIPAA updates, however, there have been proposed changes. The Department of Health and Human Services (HHS) recently announced that they are revisiting previously proposed changes to security and HIPAA privacy regulations in 2020. HIPAA changes and updates 2020 are discussed below.
HIPAA Changes 2020: Civil Monetary Penalties
When a healthcare organization violates HIPAA privacy or security requirements, they are often required to pay civil monetary penalties (CMPs) to the HHS’ Office for Civil Rights (OCR). Under the current regulations, CMPs are not paid to individuals affected by a HIPAA violation. Individuals do not receive monetary compensation because HIPAA does not allow individuals affected by HIPAA violations to file lawsuits to recover damages. Some states allow patients to file lawsuits, but they cannot file at the federal level.
One proposed HIPAA change in 2020, is to allow individuals harmed by a HIPAA violation to seek monetary relief. Individuals affected by HIPAA violations (particularly those that have had their Social Security numbers or financial information exposed), spend significant time and money recovering from the incident. The only compensation victims receive at present is free credit monitoring and identity theft protection.
Although this is helpful in some cases, there are several instances in which HIPAA violations take months, or even years, to detect. In these cases, these services do little to help patients that have already had their identity or credit compromised.
HIPAA Changes 2020: Accounting of Disclosures
In 2009, the Office for Civil Rights proposed legislation to include electronic protected health information (ePHI) under the accounting of disclosures requirement. Under the accounting of disclosures requirement, patients have the right to request a list of entities that have had access to their protected health information (PHI).
However, this requirement does not extend to ePHI, only to access of paper records. Since ePHI is more widely used today, than when HIPAA was enacted in 1996, this change is long overdue. When the change was first proposed in 2009, it was met with backlash from providers and other HIPAA entities as it would significantly increase the number of entities listed in the accounting of disclosures. HHS has announced that they will add the amendment to the accounting of disclosures requirement to their agenda for 2020.
Basic Telehealth Legal & Ethical Rules: HIPAA, Privacy, Working Across State Lines, Malpractice Insurance
Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!
Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.
