The long anticipated final rule and just announced Health Information Technology for Economic and Clinical Health (HITECH) Act modifications to the Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations will have far-reaching implications for every patient’s health records. An analysis will be forthcoming from the American Health Information Management Association (AHIMA), the preeminent not-for-profit association representing the HIM professionals who will be on the front lines implementing the rule.
“The final rule stands to change the practice of healthcare privacy and security as we know it,” said AHIMA’s CEO Lynne Thomas Gordon, MBA, RHIA, CAE, FACHE, FAHIMA. “It is a new era and it begins today. AHIMA will continue to lead the way in helping health information management professionals modify organizational policies and procedures to be compliant with the new rules.”
AHIMA’s leadership is studying the complete text of the Department of Health and Human Services – Office of Civil Rights rule to interpret its scope. But a few points can be made immediately:
- Patients have expanded rights to access and restrict disclosure of their health records
- Several of the security requirements have been expanded with the increased use of electronic health records and electronic patient access
One particular implementation issue AHIMA highlighted is how to manage a patient request to restrict only a portion of his medical records.
“Some other ‘bolt-on’ tracking system will need to be utilized to track and remind staff of a restriction on file,” said AHIMA’s Director of HIM Solutions Angela Dinh Rose, MHA, RHIA, CHPS.
Other areas the rule covers are:
- Notifying patients if the security of the health records is breached
- Enforcing HIPAA
- Implementing changes to HIPAA’s privacy and security standards
- Modifying HIPAA’s privacy rule in accordance with the Genetic Information Nondiscrimination Act (GINA)