> >

News

NASW News Editorial

Managing Editor
Laetitia Clayton

Senior Editor
Paul R. Pace

Deputy Director and
NASW News Editor-in-Chief
Gail Woods Waller

Advertising Sales

Jim Snyder
(703) 764-5949

Subscriptions

Member Address Changes
(800) 742-4089
membership@naswdc.org

Non-member Subscriptions/ Address Changes
NASW Press Distribution Center
(800) 227-3590
press@naswdc.org

Subscription Price:
Members, $17 (included in annual dues); non-members, $35 per year; single copy, $8.

Year

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

NASW News

HHS issues final regulations regarding HIPAA

by Rena Malai

The U.S. Department of Health and Human Services has issued a final set of regulations that address several key areas under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Under the Health Information Technology for Economic and Clinical Health Act, which was passed in 2009, some existing HIPAA requirements were amended as the HITECH Act was implemented in phases. The Omnibus Rule, which HHS issued in January, finalizes the HIPAA regulations affected by HITECH and adds new provisions, such as protections for genetic information.

NASW Associate Counsel Sherri Morgan said the HIPAA Omnibus Rule addresses areas such as the privacy and security rules, enforcement provisions, and general changes that allow for more administrative flexibility.

Social workers who are subject to HIPAA will need to amend notices of privacy, revise HIPAA forms and policies, and update business associate agreements under the HIPAA Omnibus Rule, Morgan said. NASW’s online sample HIPAA forms will be updated consistent with the new requirements and social work ethical standards.

“The changes made under the Omnibus Rule add valuable protections for patient privacy,” Morgan said. “A key change is that contractors for health providers and health plans will be directly subject to HIPAA enforcement actions, as well as any subcontractors who have access to patient identifying health information.”

Other changes include patient authorization for the use of patient information in marketing, privacy protections for self-pay clients, a ban on use of genetic information for health-plan underwriting, changes to how risk of harm from privacy breaches is assessed, and an expiration of HIPAA privacy protections 50 years after a patient’s death.

“There are also specific penalties for those who ‘willfully neglect’ to comply with the HIPAA requirements,” Morgan said, “so social workers are strongly encouraged to review their compliance plan and keep a file to document the specific actions they take to meet the new standards.”

The 2013 Omnibus HIPAA Rule is effective as of March 26, 2013, with a compliance date of Sept. 23, 2013.