Welcome LTC HIM 

HIM responsibilities with MEGA rules

  • 31 Mar 2018 3:57 PM
    Reply # 6009583 on 5878740
    RHIA Administrator (Administrator)

    Per the AHIMA Analysis of the HIPAA Mega Rule of January 25, 2013 the Key Highlights of the HITECH/GINA Updates to HIPAA Privacy and Security Requirements were:

    • Business associates must follow the Security Rule for electronic protected health information.
    • Business associates have business associate agreements with their subcontractors who must also follow the security rule for electronic protected health information (PHI).
    • Covered entities do not have business associate agreements with business associates’ contractors.
    • Marketing requires an authorization.
    • Financial remuneration is defined.
    • Exceptions to marketing are still in place.
    • Business associates must obtain authorizations prior to marketing.
    • Grandfather clause for business associate agreement transition
    • Prohibits the Sale of PHI without patient authorization
    • Allows for Compound authorizations for research
    • Allows for Authorizing for use or disclosure of future research data
    • Any individually identifiable health information of a person deceased more than 50 years is no longer considered PHI under the Privacy Rule.
    • Covered entities are now permitted to disclose a decedent’s PHI to family members and others who were involved in the care or payment for care of a decedent prior to death, unless doing so is inconsistent with any prior expressed preference of the individual that is known to the CE.
    • Covered entities can disclose proof of immunization to a school where state or other law requires it prior to admitting a student. Written authorization is no longer required, but an agreement must still be obtained, which can be oral.
    • Covered entities must provide the recipient of any fundraising communication with a clear and;conspicuous opportunity to opt out of receiving any further fundraising communications and that the;individual’s choice to opt out is treated as a revocation of authorization under the privacy rule.
    • The Notice of Privacy Practices must be revised and redistributed.
    • Required restriction to health plan
    • Access to electronic PHI
    • Form and format of electronic copies
    • Fees for paper and electronic copies
    • Timeliness for paper and electronic records
    • The Breach Notification Rule’s “harm” threshold is removed and replaced with a more objective standard.
    • Title I of GINA required the Secretary to revise the HIPAA Privacy Rule.
    • Genetic information is health information.
    • Genetic information may not be used or disclosed for underwriting purposes.
    • Excludes long-term care plans from the underwriting prohibition
  • 26 Feb 2018 3:05 PM
    Message # 5878740
    Deleted user

    Do you have an outline of the specific areas that need to be addressed by HIM with the MEGA rule? Thanks.

    Last modified: 26 Feb 2018 3:06 PM | Deleted user
© 2014 - 2020 LTC Resource Network, LLC. All Rights Reserved.
Any advice provided on this site is general in nature and not intended as a substitute for licensed HIM consultation services. Users should consult with their facility professional counsel and consultants for specific legal, ethical, or clinical questions. Users of this service should consult attorneys who are familiar with federal and state health care laws.
Please read our Terms and ConditionsCommunity Guidelines, and Privacy Statement.

Powered by Wild Apricot Membership Software