The revisions recognize the movement toward the patient-centered medical home and use of the electronic health record. The revisions include:
- HIPAA Privacy Business Associate and Covered Entity programs have been combined into one URAC HIPAA Privacy Standards accreditation program.
- The background and training needed to assume the responsibilities of a “Privacy Official” have been clarified.
- New standard language has been added requiring that organizations offer individuals an electronic copy of their health information contained within a designated record set or to have that information forwarded to a third party of their choice.
- The background and training needed to assume the responsibilities of a “Security Official” have been clarified.
- Clarification around the need to update policies and procedures prior to the effective date of changes to the Security Rule and law or regulation affecting the Security Rule, as well as application for accreditation.
- Applicant organization must maintain an archive of superseded policies and procedures for at least six (6) years, which is the same for privacy documentation.
To read the full announcement, click here: