New Patient Privacy Rules

It’s official. Medical records now have stronger locks. A new era in patient privacy regulations started this week, thanks to changes in federal laws designed to protect the privacy of your medical and financial records.

“The federal changes have added more teeth to patient privacy laws,” says Mercy del Rey, chief privacy officer for Baptist Health South Florida. “We’ve had to take the great privacy program that Baptist Health has already had and take it up a notch. We’re a patient-centered organization, and patient privacy has always been a priority.”

What does it all mean for you? Ms. del Rey offers the following answers.

What’s the background?
In 1996, the Health Insurance Portability and Accountability Act was introduced to protect patient privacy. Most folks in the healthcare industry use the term HIPAA (hip-uh) to describe the collection of privacy regulations.

During the last 15 years, HIPAA has undergone a series of changes and enhancements. This year, the U.S. Department of Health and Human Services (HHS) strengthened the walls around patient information, which includes health and billing information. The latest changes, known as the “final Omnibus Rule,” were announced in January and took effect this week. According to lawmakers, the changes greatly enhance a patient’s privacy protections, provide individuals new rights to their health information, and strengthen the government’s ability to enforce the law.

What prompted the changes?
One word describes the roots of expanded privacy laws: Technology.  Right now, for instance, you are reading a digital article—a blog post—electronically published on the Internet. But back in 1996, you would have digested this same information on a printed page—perhaps a brochure or flyer.

“In the past, a lot of the industry’s focus was on protecting paper and verbal information. Due to all the new bytes of digital information, patient privacy rules needed revamping to cover digital data,” says Ms. del Rey. “The way we protect and exchange that data has changed.”

New rules have been added, but pre-existing privacy regulations are still in force. Older rules, for example, forbade medical professionals from discussing detailed and identifiable patient information in an elevator or any public space where unrelated third parties could overhear private details.  Now, that conversation in the digital world must be equally protected.

What rights do the new rules provide me?
The Notice of Privacy Practices describes how medical information about patients may be used and disclosed and how patients can get access to this information. Patients now have increased rights under the final HIPAA Omnibus Rule. For example, you can request and review your medical records in an electronic format, such as on a CD, in addition to the traditional paper format.

Which entities are held accountable?
Before the latest round of changes, only healthcare providers and insurance companies were held legally accountable for safeguarding patient records. Now that responsibility and accountability have been expanded to include all third-party “business associates” of healthcare providers, including information technology companies.

“All of our business associates are obligated by law, and under contract with us, to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract,” Ms. del Rey says. These third parties are also subject to fines.

What are the penalties?
Under new federal regulations, fines for noncompliance have been increased to a maximum of $1.5 million for each violation.

The stronger privacy rules also provide specific formulas for reporting security breaches of patient data, as required under the breach notification requirements of the HIPAA Omnibus Rule.


Thanks to technology, the nuts and bolts of daily life have changed, especially when it comes to storage of documents, photos and even music. In the medical arena, electronic files enable you and your medical team to access your health records from any location as needed to provide you with quality care as efficiently as possible.

“At Baptist Health, we have taken extensive measures to make sure our employees understand their roles and responsibilities as related to protecting our patients and their information,” Ms. del Rey says. “It’s all about the patient and how we take care of our patients and their families.”


