Friday, January 18, 2013


No, I haven't, not yet. But I promise to get through the entire 563 pages by the end of the weekend, and will post notes along the way as I peruse it. However, I wanted to pass on a couple of early reactions. Joe Conn at Modern Healthcare is the first out of the box with some analysis, and his commentators note that (i) use of PHI for marketing has gotten stricter, (ii) sales of PHI are prohibited without patient consent, (iii) the imposition of HIPAA obligations on business associates doesn't stop there, but goes all the way down the chain of subcontractors and sub-subcontractors to everyone who gets PHI, and (iv) the "harm" threshold is gone but replaced with a "low probability" threshold.

The AHLA HIT list's early reax was to the numbers and regulatory impact.  For instance, Shannon Salimone noted that HHS thinks revising your Notice of Privacy Practices will take a third of an hour of legal time, or $28.  If you've got a lawyer that charges $84/hour writing your NoPP, you're going to be in big trouble in no time.  A business associate only needs 2-5 hours to complete documentation of security rule compliance, and an hour to do the BAA.  And there are only 1-2 million BAs out there.  Wow, things are different on planet HHS than they are here on earth. 

Jeff [4:39 PM]

