By Healthcare Facilities Today

Safeguarding patients' personal health information has become a more complicated job—and potentially more punitive—thanks to a raft of new federal rules going into effect this week for healthcare companies and an untold number of their subcontractors. 

According to an article on Modern Healthcare's website, most of the 563-page Omnibus HIPAA Final Rule's provisions dealing with data privacy and security are workable. But a few areas are expected to create headaches, including bigger penalties, a strong push for systemwide data encryption, and drafting contracts assigning new liabilities to hospitals' "business associates," which now include contractors and subcontractors.

A requirement to honor patients requests to withhold sensitive records from insurance companies if the bills are paid out of pocket is called all-but-impossible by experts, according to the article.

“You may be able to stop a bill from going to a particular payer, but all the other pieces that we have put in place are so tightly wound together,” says Pamela McNutt, senior vice president and chief information officer for seven-hospital Methodist Health System, based in Dallas. “How are you going to stop an insurance company that wants to do a chart audit from seeing one visit that the patient wanted to mask?”

Read the article.