Are you involved in marketing or fundraising campaigns that use health information or target individuals regarding health matters? You need to be aware of the latest on HIPAA.
Marketers and fundraisers who work with organizations that are “covered entities” (health care providers such as hospitals, labs, pharmacies and physicians, health plans, health care clearinghouses and others…) under the Health Insurance Portability and Accountability Act (HIPAA) need to know about the new Omnibus Rule that is in effect as of 9.23.13.
The Omnibus Rule, issued by the Department of Health and Human Services, changes HIPAA’s Privacy and Security rules under the Health Information Technology for Economic and Clinical Health Act (HITECH) in several important ways for the marketing community. This law was passed to strengthen privacy and security protections for individual health information covered by the law, and includes added privacy protections for genetic information and for health information data breach. The new rules make “business associates” (marketers and others) of covered entities directly liable. Fundraisers face new opt-out obligations for fundraising efforts conducted on behalf of covered entities under the new rule. The rules are quite complex since HIPAA regulations cover a vast landscape.
The DMA has an updated overview and is planning a webinar to overview the requirements on November 12th. Interested members should stay tuned for webinar details – but let me know if you would like to be reminded closer to the event.