New Rule
The revisions, announced in March 2013 and effective September 23, require practitioners to take the following steps:
- Conduct a security risk assessment;
- Revise their existing privacy, security and breach notification policies and procedures;
- Make copies of those revised privacy policies available to patients;
- Amend business associate agreements to reflect the new regulations; and
- Retrain practice staff on the revised policies.
Federal law requires practitioners to provide all patients with notices of the measures taken to protect patient information. Failure to provide the required HIPAA notices or meet standards may result in investigations and possible civil or criminal penalties.
HIPAA Resources
AOA is providing resources to help optometrists follow the mandatory HIPAA rules, including a newly developed HIPAA Compliance Section of the AOA website. Resources include:
- Updated AOA HIPAA Security Regulation Compliance Manual (available free of charge to AOA members)
- Sample HIPAA Business Associate Agreement
- Sample HIPAA Notice of Privacy Practices, developed by the AOA Office of Counsel for use in optometric practices and available to order
In addition, the AOAExcel™ HIPAA page includes the AOA white paper "Updated HIPAA Regulations - What Optometrists Need to Know," with questions and answers about the privacy regulations.
The U.S. Department of Health & Human Services (HHS) offers resources for HIPAA-covered entities and their business associates.