The updated HIPAA guidelines include requirements that patients be given information about their rights under the law.

Patient information templates available for healthcare providers

Stephen Perkins

The updated Health Insurance Portability and Accountability Act requirements impose more data storage rules on healthcare providers and also call for patients to be given more access to their own protected health information.

The revised HIPAA rules give healthcare providers until Sept. 23 to move their patient records to cloud backup systems. Medical professionals who do not comply with the rule change or who have their patient records compromised may be subject to fines in excess of $1 million. Another aspect of the law requires healthcare entities to distribute notices explaining patient rights and the security measures taken with their data as well as give patients the ability to forbid the sharing of their information.

To help healthcare providers meet this notification obligation, The Office of the National Coordinator for Health Information Technology and the Office for Civil Rights have issued templates for crafting patient notices, according to Health​ IT Security. The guidelines cover formats including booklet, single-page documents and layered notices featuring a summary at the front. Physicians can see an easy way to break down the information regarding patient rights, physician responsibilities and online data backup practices.

The templates are flawed in that they do not provide instructions for compliance issues that occur when patients ask for their data but the data storage system won't allow the information to be tagged, according to Modern Healthcare. The U.S. Department of Health and Human Services has said that it will issue expanded instructions for dealing with such situations. Another criticism leveled at the templates is that they oversimplify some aspects of the law and don't specifically outline the individual's right to privacy.

It's not a very helpful document," attorney James Pyles told the source. "It's set up to make the public feel good, that they're somehow protected. But if you look at the part of the document that says these are your rights, there's really not much there. It looked pretty misleading to me."

Categories: Cloud Backup, Data Compliance, Data Protection, Online Backup