HIPAA privacy rule now in effect

As of mid-April, all health care providers should have begun privacy programs to comply with the Health Insurance Portability and Accountability Act of 1996.

Physicians who did not begin to comply will not be automatically fined, but a program must be implemented, lawyers say. Patients may not be aware of their new privacy rights, but lawyers certainly are, said Steven M. Fleisher, JD.

“It’s a complaint-driven enforcement system,” he said. “Unless you rack up complaints, you are not at risk for a civil fine, but you do have to worry about HIPAA.”

Under the new rules, physicians are required to give their patients a Notice of Privacy form, a document that explains how the office uses patient information. The notice can be separated into three categories, said Kirk Nahra, JD. Patients should be informed about how the physician’s practice uses their health information, the office’s compliance/administrative obligations and the patient’s rights.

“The rule is that protected health information may not be used or disclosed by a covered entity – a doctor, hospital or health plan – except in two situations: as authorized by the patient and as explicitly provided by the rule,” Mr. Nahra said.

Mr. Fleisher recommended contacting specialty societies and state medical societies for advice on compliance. He is also warning physicians not to try to achieve compliance without consultation.

For more on the subject, see the June 1 print edition of Ocular Surgery News.