HIPAA Resources

On Sept. 23, 2013, new rules for the Health Insurance Portability and Accountability Act (HIPAA) took effect. The most significant changes are:

• It makes business associates of covered entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules' requirements.
• It strengthens the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibits the sale of protected health information without individual authorization.
• It expands individuals' rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
• It requires modifications to, and redistribution of, a covered entity's notice of privacy practices.
• It modifies the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others.

Because of these changes, physician practices must modify various policies and procedures to comply with the new rule.

MMS PPRC Resources

• HIPAA: Basic Elements for Compliance with the Privacy Regulations    (.pdf, 88 pages)
• HIPAA: Basic Elements for Compliance with the Security Regulations    (.pdf, 46 pages)
• HIPAA: Basic Elements For Compliance With the Data Breach Notification Rule    (.pdf, 20 pages)
• Template: Notice of Privacy Practices    |   PDF   |   Microsoft Word  |  (5 pages)  
• Template: Business Associate Agreement    |   PDF   |   Microsoft Word  (12 pages)
• Online CME Course: HIPAA 2.0: What’s New in the New Rule?

AMA HIPAA Toolkit

The American Medical Association has developed a comprehensive toolkit to help physicians navigate the revisions to the federal privacy and security rules for health information.