• E-mail
• Print
• RSS

Topic: HIPAA will heat up in 2008

HIM Connection, January 15, 2008

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

The end of 2007 brings to a close a tumultuous year for covered entities, which faced National Provider Identifier (NPI) difficulties and saw an increased emphasis on security in the past 12 months. Although a hard deadline for NPI use approaches in May, one thing is for sure: HIPAA is undergoing some major developments. "2007 was the year of NPI," says Karen Trudel, deputy director of CMS' Office of Electronic Standards and Services. "Once we get over the NPI hurdle, what comes next?"

The answer? Plenty. Covered entities should be on their toes in 2008.

For one thing, covered entities should keep an eye on U.S. Senate bill 1814, the Health Information Privacy and Security Act (HIPSA), currently under consideration by the Committee on Health, Education, Labor, and Pensions. HIPSA would institute wide-ranging changes to the current HIPAA regime, says John C. Parmigiani, who contributed to the development of the privacy and security rules and is now president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD. "What it would do is get out of the voluntary compliance that HIPAA has gotten into."

HIPSA would centralize enforcement by creating an office of health information privacy within HHS to receive and investigate privacy and security complaints and conduct compliance audits.

In a marked departure from the current HIPAA statute, HIPSA would govern all those who use PHI rather than only HIPAA-covered entities. The bill would also create a right of private action (the right to file a private lawsuit), and allow state attorneys general to sue for privacy and security violations.

As if this isn't enough to keep covered entities busy well through 2008, more news is on the way. For example, CMS is looking for more areas in which to issue guidelines similar to those it issued for remote security in 2006, Trudel says. The agency also hopes to put more information on its Web site regarding security rule enforcement, including situational vignettes similar to those that OCR put on its Web site in April 2007. (Visit www.hhs.gov/ocr/privacy/enforcement for more information.)

And although HIPAA is hardly a campaign topic, the presidential election should also have an effect on HIPAA's future, Parmigiani says. "Depending on what happens, there will be a cry for enforcement, especially with the ever-increasing awareness by the public of identity theft and, in particular, medical identity theft," he says.

Editor's note: This tip is adapted from a January 2008 article in Briefings on HIPAA. For more information, click here.

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• Comment
• E-mail to a Colleague
• Print
• RSS
• Archive

Comments