Home care and hospice providers received a warning Wednesday that the Department of Health for Human Services (HHS) is cracking down on rules governing patient privacy and access to health records.
Attorney Madison Pool of Arnall Golden Gregory law firm, based in Atlanta, GA, waved the red flag during a webinar sponsored by the National Association for Home Care & Hospice (NAHC) on the latest developments in the Health Insurance Portability and Accountability Act (HIPAA) . .
While HHS relaxed some HIPAA regulations during the COVID-19 pandemic, it has stepped up enforcement of patient rights, according to Pool. She said a key focus was patient access to records, requiring providers – including home care and hospice agencies – to respond to patient record inquiries within 30 days.
“There were 19 resolution agreements in the last 18 months, which is really important,” said Pool. “In general, in any given year, about 10 total would be a standard year for winding-up arrangements.”
Pool said another focus has been on security related to electronic record keeping. She advised home care and hospice authorities to conduct risk assessments and take security precautions to ensure that personal health records (PHI) can be securely transmitted across different platforms.
“It could be personal devices, servers, faxes, emails, human resources – all the ways PHIs are electronically managed. The entity concerned needs to go through this and identify it. Once that’s done, the affected entity needs to identify the threats and vulnerabilities that apply to the e-PHI, ”said Pool.
HIPAA is a 25 year old federal law that regulates how personal information must be retained by health care providers and health insurers. The law was developed to protect patient data from fraud and theft.
Coronavirus / COVID-19 Home Care Hospice