Regulations

Our Health Information Specialists are professionals trained in and compliant with State and Federal Regulations for managing and releasing copies of confidential information for medical record requests received by a physician or medical facility. Copies FYI, Inc. shares the following important websites to you view important information about HIPAA privacy and confidentiality, HITECH’s rules for technical security and much more. Bookmark this page to stay informed of any changes or new releases.

Final HIPAA Omnibus Rule https://www.federalregister.gov/articles/2013/01/25/2013-01073/modifications-to-the-hipaa-privacy-security-enforcement-and-breach-notification-rules-under-the

Effective March 26, 2013 with enforcement beginning September 13, 2013. This 563 page rule covers the following key areas of changes to the Final Interim Rule.

  • Business Associates: Business Associates and their subcontractors of Covered Entities are now directly liable for compliance with HIPAA Privacy and Security Rules.
  • Breach Notification: The standard of “harm” threshold has been replaced with a more objective standard.
  • Patient Rights: Patients may request a copy of the records in an electronic format. Patients may also restrict the disclosure of their records to their Health Plan when paying for products or services out of pocket.
  • Marketing & Fundraising have stronger limitations on the use and disclosure of Protected Health information
  • “Sale” of Protected Health Information requires a signed authorization from the patient
  • Research: Authorizations for future research are permitted if HIPAA compliant. Authorization must clearly state or inform the patient their PHI may be used for future research.
  • Covered entities need to revise and redistribute their notice of Privacy Practices