|
 DeAnne Toto
|
The U.S. Department of Health and Human Services (HHS) has proposed a new rule related to the Privacy, Security and Enforcement rules of the Health Insurance Portability and Accountability Act (HIPAA). The proposed rule has been published to the Federal Register and is available at http://edocket.access.gpo.gov/2010/2010-16718.htm. It is designed to bring HIPAA’s rules in the areas of privacy, security and enforcement into conformance with the HITECH (Health Information Technology for Economic and Clinical Health) Act.
According to a press release issued by PRISM International, the proposed rule could affect records and information management (RIM) businesses in various ways if it becomes final, including broadening the definition of “Business Associate” to include “administrative” functions. Additionally, subcontractors to Business Associates share the responsibilities of the Business Associate. “In other words,” a PRISM press release notes, “if a Business Associate employs a subcontractor to carry out the work, a shredding contractor for example, the responsibilities of that shredding contractor are essentially the same as those of the Business Associate.”
The proposed rule also would modify conditions that must be included in Business Associate agreements as well as require agreements for subcontractors.
“Based on discussions between PRISM International and Health and Human Services, all PRISM International members in the United States will be asked to comment on this rule,” the association notes in a press release. PRISM has set up a resource page, available at
http://prismintl.org/2010-hipaa-campaign-key-points
, to help members comment. The comment period will conclude Sept. 10.
According to PRISM, the Small Business Office of Advocacy attorney working with the association says individually written letters, rather than form letters, have the most impact. “He also stressed the need to quantify the costs associated with compliance and specifically address the risks and burdens that these rules place on small businesses,” PRISM adds.
To assist members in their letter writing campaigns, PRISM’s “2010 HIPAA Campaign Key Points” Web page offers visitors a HIPAA letter template, a “HIPAA Fact Scenarios” document that answers various questions records storage companies may have regarding HIPAA and a “HIPAA White Paper.”
This is one of the few times business owners and managers of records centers can help to shape the effect this regulation will have on the companies that comprise the RIM industry. While it’s easy to put off writing a letter in favor of more immediate business and family obligations, particularly this time of year, by taking a few minutes today to do so, you could be helping out your industry and your business tomorrow.
|