Mar 14, 2011 – Yesterday a notice of proposed rule making was released by the Office for Civil Right on modifications to security rules and HIPAA privacy required by the HITECH Act. The official publication will appear on July 14, 2010 in the Federal Register.

Several additions and modifications are addressed for subtitle D of the HIPAA act which is included in the American Recovery and Reinvestment Act. Physician billing services and medical billing service companies will be affected by these changes.

Summary of some of the modifications:

Entities utilizing EHR technology are required to provide protected health information in electronic form when requested
Entities to provide same penalties and requirements to business associated as provided to entities covered under HIPAA
Requesting restrictions extended for consumers regarding release to health plans in specific situations
Prohibits certain marketing and fund raising communications that are written
Prohibits PHI (protected health information from being sold without a limited
exception or authorization that is valid
HIPAA rules and regulations affect everyone including patients, providers, and medical billing services companies. There will be an impact provided by these proposed changes and modifications. Some will be with added cost to facilities increasing the need to improve efficiencies obtained through the use of physician billing and medical billing services companies.

A key point to highlight is that as of now, a clear definition of privacy has not been provided by regulators. Without this definition it is not clear how all of the changes will be carried out or the exact impact these changes will have on stakeholders such as medical billing services companies.

Regulation on Standards of testing and Certification for the EHR subsidy provided under the stimulus program is expected to be released in final form in the coming months.