CMA
-
Join CMA
The CMA assists its physician members with legislative action, advocacy, practice management and by advancing the profession of medicine.
-
Contact Us
Your opinions and comments are important to us. Here's the easiest way to get a hold of us.
-
Real People, Real Stories
Learn about the lives changed through advocacy, volunteerism, philanthropy and disaster preparedness.
-
Back to News
Lorem ipsum dolor sit amet
Back to News
Lorem ipsum dolor sit amet New HIPAA Breach Notification Rule Takes Effect
New regulations effective September 23, 2009 require all physicians who are covered by HIPAA to notify patients if there are breaches of security involving their medical information. These requirements apply in addition to any notification obligations imposed by state law. These requirements also supplement the obligations imposed by the HIPAA Privacy and Security Rules.
HIPAA covered entities (i.e, health plans, health care clearinghouses, physicians, and other health care providers who transmit any health information electronically in connection with a HIPAA standard transaction) must comply with the new breach notification requirements specified in interim final regulations promulgated pursuant to the “American Recovery and Reinvestment Act of 2009” that was signed into law on February 17, 2009.
Following the discovery of a breach of unsecured protected health information (PHI), physicians must provide notification to affected individuals, to the Secretary of the Department of Health and Human Services (HHS), and in some cases, to the media.
The breach notification provisions are effective, and compliance is required for breaches occurring on or after September 23, 2009. However, HHS will use its discretion not to enforce the new breach notice requirements and will not impose sanctions or financial penalties for breaches discovered before February 22, 2010.
After the breach notification rule takes effect, but before HHS imposes sanctions, HHS expects compliance with the breach notification requirements. Accordingly, it is recommended that physicians (and their business associates) plan immediately to comply with these new breach notification requirements.
This new HIPAA Breach Notification Rule only concerns the unauthorized acquisition, access, use or disclosure of unsecured patient health information as a result of a security breach. This Rule does not replace the existing HIPAA Privacy Rule that permits a covered entity (i.e., physician) to use and disclose patient health information, within certain limits and protections, for treatment, payment, and health care operations activities.
For a complete overview including the topics:
• What Constitutes a Breach
• What Constitutes Unsecured PHI
• Exceptions to the Breach Notification Requirements
• Breach Notification
• Discovery of Breaches
• How to Provide Notice
• Notice to 500+ Affected Individuals
• Notice to HHS
• Contents of the Written Notice
• Compliance with Federal and State Laws on Breach Notifications
Logon to http://www.ama-assn.org
Call for Resolutions
The call for resolutions is your chance to make an impact in health care policy, and the Columbus Medical Association members are strongly encouraged to participate.
Physician members who have suggestions to improve the health care system as it relates to physicians, patients, insurers, legislators, media or the American Medical Association should submit a resolution by January 8, 2010.
The resolution will be reviewed and considered by the CMA Board of Directors and if approved, it will be heard at the Ohio State Medical Association (OSMA) House of Delegates Meeting in April. If adopted by the OSMA, appropriate action is taken and could be submitted to the American Medical Association.
If you have any questions about how to format your resolution, or questions in general about the process, you may contact either Dr. Charles Hickey, OSMA Tenth District Councilor, at 766-2006 or Diane May, CMA Director of Member Relations and Services, at 240-7410, ext. 106 or email at dmay@goodhealthcolumbus.org.
HIPAA covered entities (i.e, health plans, health care clearinghouses, physicians, and other health care providers who transmit any health information electronically in connection with a HIPAA standard transaction) must comply with the new breach notification requirements specified in interim final regulations promulgated pursuant to the “American Recovery and Reinvestment Act of 2009” that was signed into law on February 17, 2009.
Following the discovery of a breach of unsecured protected health information (PHI), physicians must provide notification to affected individuals, to the Secretary of the Department of Health and Human Services (HHS), and in some cases, to the media.
The breach notification provisions are effective, and compliance is required for breaches occurring on or after September 23, 2009. However, HHS will use its discretion not to enforce the new breach notice requirements and will not impose sanctions or financial penalties for breaches discovered before February 22, 2010.
After the breach notification rule takes effect, but before HHS imposes sanctions, HHS expects compliance with the breach notification requirements. Accordingly, it is recommended that physicians (and their business associates) plan immediately to comply with these new breach notification requirements.
This new HIPAA Breach Notification Rule only concerns the unauthorized acquisition, access, use or disclosure of unsecured patient health information as a result of a security breach. This Rule does not replace the existing HIPAA Privacy Rule that permits a covered entity (i.e., physician) to use and disclose patient health information, within certain limits and protections, for treatment, payment, and health care operations activities.
For a complete overview including the topics:
• What Constitutes a Breach
• What Constitutes Unsecured PHI
• Exceptions to the Breach Notification Requirements
• Breach Notification
• Discovery of Breaches
• How to Provide Notice
• Notice to 500+ Affected Individuals
• Notice to HHS
• Contents of the Written Notice
• Compliance with Federal and State Laws on Breach Notifications
Logon to http://www.ama-assn.org
Call for Resolutions
The call for resolutions is your chance to make an impact in health care policy, and the Columbus Medical Association members are strongly encouraged to participate.
Physician members who have suggestions to improve the health care system as it relates to physicians, patients, insurers, legislators, media or the American Medical Association should submit a resolution by January 8, 2010.
The resolution will be reviewed and considered by the CMA Board of Directors and if approved, it will be heard at the Ohio State Medical Association (OSMA) House of Delegates Meeting in April. If adopted by the OSMA, appropriate action is taken and could be submitted to the American Medical Association.
If you have any questions about how to format your resolution, or questions in general about the process, you may contact either Dr. Charles Hickey, OSMA Tenth District Councilor, at 766-2006 or Diane May, CMA Director of Member Relations and Services, at 240-7410, ext. 106 or email at dmay@goodhealthcolumbus.org.
Back to News