The NASW Legal Defense Fund has updated NASW’s sample forms and information materials that highlight the latest rules of the Health Insurance Portability and Accountability Act, or HIPAA.
The U.S. Department of Health and Human Services issued the 2013 Omnibus HIPAA Final Rule in January. At press time, enforcement of the rule was set to go into effect on Sept. 23.
The changes require health care providers, health plans and other entities that process health insurance claims to update their HIPAA Notice of Privacy Practices, Business Associate Agreements, Breach Notification Policy and other compliance documents.
“A key point to note in the final rule is that HHS has expanded the penalties for willful neglect of the regulations,” said Sherri Morgan, associate counsel of the LDF and the Office of Ethics and Professional Review. “Ignoring the rule is not an option, regardless of the size of the practice. In addition to the well-known ‘Notice of Privacy Practices’ that is provided to clients, clinical social workers are also required to have a set of office policy documents addressing various HIPAA procedures, to conduct a security risk assessment and create a written security plan.” NASW members may obtain an updated set of sample HIPAA privacy forms and office policies at socialworkers.org/hipaa
In addition, NASW Specialty Practice Section members can participate in the webinar “Introducing NASW’S Updated Sample HIPAA Privacy Forms and Policies.” More information is available at naswdc.org/sections.
At press time, a September Legal Issue of the Month article was anticipated to highlight how to use NASW’s updated sample HIPAA privacy forms and office policies in order to assist members in complying with the new regulations, Morgan said. The LDF’s Legal Issue of the Month article is available to NASW members at socialworkers.org/ldf/legal_issue
Finally, NASW’s online HIPAA training program is being updated and moved to a new online education portal, www.medelearn.org/nasw. The courses are available for a fee for NASW members and nonmembers. Members are eligible for a discount.
Morgan said it is important for social workers to understand that their business associates must also be in compliance with the final rule and that business associate agreements must be updated and signed.
“Much has changed in health care since HIPAA was enacted over 15 years ago,” HHS Secretary Kathleen Sebelius said in a statement. “The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”
According to HHS, some of the largest breaches reported to the agency have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.
The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS.