The AAOS Practice Management Committee has posted two new documents to help orthopaedic practices meet the new privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA) that went into effect on Sept. 23, 2013. These final rules require all healthcare practitioners to change their notices of privacy practices and to implement new business agreements with business associates.

The new rules make business associates and their subcontractors directly liable for compliance with certain HIPAA privacy and security rule requirement. They also strengthen the limitations on the use and disclosure of protected health information and expand an individual’s right to receive electronic copies of his or her information. The penalties for security breaches have also been increased, and the definition of a reportable privacy breach has been clarified.

A new sample HIPAA Notice of Privacy Practices and a new sample HIPAA Business Associate Agreement have been developed for use by orthopaedic practices. The documents were prepared by Todd Rodriguez, Esq., a partner in the firm of Fox Rothschild, LLP (Exton, Pa.). The documents can be found in the AAOS online practice management center (www.aaos.org/pracman) and are available free for AAOS members only; member login is required.

Additional Information

• What you need to know about the HIPAA omnibus rule
• Are you ready for the new HIPAA requirements?
• Final rule summary
• Sample HIPAA Notice of Privacy Practices
• Sample HIPAA Business Associate Agreement