HIPAA Compliance Insights: Summit Takeaways and OCR Guidance

April 3, 2024

Happy Wednesday! Let’s crush the rest of the week! While we are battling our Hump Day blues, let’s turn this Wednesday into a learning opportunity. 

A HIPAA Summit was held, introducing new updates to HIPAA legislation. Want the quick 411? You’ve come to the right place! 

Part 2 Final Rule

We go into more detail about this in our article here, but new legislation regarding the confidentiality of Substance Use Disorder patient records has been released. 

You need to know that: 

  • Single patient consent is valid – this consent allows for all future uses and disclosures for treatment, payment, and healthcare operations. 
  • Anonymous information can be shared about a patient without consent to public health authorities. 
  • HIPAA rules are being adopted – the HHS is given civil enforcement authority for Part 2 violations, just as with HIPAA. 

The full rule can be found here.  

Cybersecurity Resource Revision

The National Institute of Standards and Technology, or NIST, released some new resources for cybersecurity measures. These resources include explanations of the HIPAA Security Risk Analysis and actionable steps to implement these measures. To read more about these resources, click here.

HIPAA Online Tracking Technologies 

Online tracking technologies have been at the forefront of recent compliance cases like the 300,000 dollar fine given to the NewYork-Presbyterian Hospital due to website tracking. 

The OCR is on it, issuing guidance on how to properly use tracking technologies. 


What you need to know is that when using tracking technologies:

Enforcement Highlights

Unfortunately, we’ve seen a major spike in patients impacted by HIPAA breaches. In 2023, over 134 MILLION people were exposed to a large HIPAA breach. 

  • Compared to 2022, this is a 79 million person increase, or almost a 150% increase! 
  • The OCR also received over 31,000 HIPAA cases in 2023.
  • There were also trends in HIPAA violations. Some of the most common violations included:
    • Failing to provide patients with access to their medical records (Right of Access violations).
    • Not conducting a proper risk analysis.
    • Lacking a Business Associate Agreement with companies that handle your patients’ data.

What You Can Do

First, sorry for the information overload, but it’s vital to know for your practice. 

By following these guidelines, you’ll provide an even more positive and secure experience for your patients.

An easy way to stay compliant is with Abyde. The Abyde software offers a plethora of compliance resources, making compliance simple. 

We offer the latest information and entertaining training for your practice, always keeping you on your A-game.

Want to avoid common HIPAA mistakes? Use Abyde! We turned the Security Risk Analysis into an intuitive questionnaire that can be completed in minutes. We also offer dynamically generated documentation, including Business Associate Agreements that can be completed in seconds.

Want to see where your compliance currently stands? Email us at info@abyde.com and schedule a consultation here.