HIPAA Update

HHS Proposes Changes to Standard for Privacy of Individually Identifiable Health Information
HHS Secretary Tommy G. Thompson on March 21, 2002, proposed changes to HHS' health privacy regulations needed to fix problems with the previously published rule that otherwise could make it more difficult for patients to get quality care quickly and easily. The proposal also strengthens and clarifies the rule's marketing restrictions.

The proposal would make the following revisions:
1) Strengthen notice provisions and remove consent requirements hindering access to care.
As written, the privacy rule's general requirement that patients give prior consent on privacy practices before receiving treatment created serious unintended consequences that interfere with patients' access to health care. For example, patients could be required to visit a pharmacy in person to sign paperwork before a pharmacist could fill their prescriptions. Similar barriers could arise when a patient is referred to a specialist and in other situations. To fix these problems, the proposal would promote access to care by removing the consent requirements for treatment, payment, and healthcare operations that could interfere with efficient delivery of healthcare, while strengthening requirements for providers to notify patients about their privacy rights and practices. Patients would be asked to acknowledge the privacy notice, but doctors and other providers could treat them if they did not. This change would ensure that patients can consider a provider's privacy policies before making health care decisions, but would eliminate barriers to patients' access to care.
2) Maintains the "minimum necessary" rule, while allowing treatment-related conversations. By covering oral communications and limiting the use of personal health information to the "minimum necessary," the privacy rule raised concerns that routine conversations between doctors and patients, nurses and others involved in a patient's care could violate the rule. Today's proposed changes would continue to cover oral communications and maintain the "minimum necessary" requirement, but would make clear that doctors could discuss a patient's treatment with other doctors and professionals involved in their care without fear that their conversations could lead to a violation. As long as a covered entity met the minimum necessary standards and took reasonable safeguards to protect personal health information, incidental disclosures -- such as another patient hearing a snippet of conversation -- would not be subject to penalties. Improper disclosures would still violate the rule.
3) Assures appropriate parental access to their children's records. The current rule may have unintentionally limited a parent's access to their child's medical records. The proposal clarifies that state law governs disclosures to parents. In cases where state law is silent or unclear, the revisions would preserve state law and professional practice by permitting a health care provider to use discretion to provide or deny a parent access to such records as long as that decision is consistent with state or other law.
4) Prohibits use of records for marketing, while allowing appropriate communications. Based on consumer concerns that the marketing provisions were ineffective to protect patient privacy, the proposal would explicitly require pharmacies, health plans and other covered entities to first obtain the individual's specific authorization before sending them any marketing materials. At the same time, the proposal would continue to permit doctors and other covered entities to communicate freely with patients about treatment options and other health-related information, including disease-management programs.

The proposal also would make other revisions to simplify the rule's paperwork requirements while preserving the rule's strong privacy protections. For example:
1) Assure privacy, without impeding research. The proposal would eliminate the need for researchers to use multiple consent forms -- one for informed consent to the research and one or more related to information privacy rights. Instead, researchers could use a single combined form to accomplish both purposes. The proposal would also simplify other provisions so that the privacy rule more closely follows the format of the "Common Rule," which governs federally funded research. The provisions ensure privacy-specific criteria will apply equally to publicly and privately funded research.
2) Provide model business associate provisions. The existing rule requires covered entities -- health plans, health care providers and clearinghouses -- to have contracts with their business associates to ensure that they follow the privacy rule's requirements. The proposal includes model business associate contract provisions, making it easier and less costly for covered entities to implement the requirements. The changes also would give covered entities up to an additional year to change existing contracts, easing the burden of renegotiating contracts all at once.
3) Simplify authorizations. The changes would allow the use of a single type of authorization form to obtain a patient's permission for a specific use or disclosure that otherwise would not be permitted under the rule. Patients would still need to grant permission in advance for each type of use or disclosure, but the proposal would eliminate the need to use different types of forms to obtain that advance permission.

Congress in 1996 recognized the need for national patient privacy standards and set a three-year deadline to enact such protections as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law required HHS to adopt such protections via regulation if Congress did not address the issue. HHS will consider public comments on the proposed changes before issuing a final rule. Most covered entities have until April 14, 2003, to comply with the patient privacy rule; under the law, certain small health plans have until April 14, 2004, to comply. To help people prepare for and meet the rule's requirements, HHS' Office for Civil Rights will continue to conduct outreach and education for healthcare providers, consumers and others affected by the privacy regulation. Additional information about the privacy rule is available on the Web at: http://www.hhs.gov/ocr/hipaa.