Image of nurses' hands at computer keyboard

Providers can expect increased enforcement and continuing rule changes related to the Health Insurance Portability and Accountability Act (HIPAA), according to a prominent industry group.

The latest issue of the Journal of AHIMA, a publication of the American Health Information Management Association, focuses on how HIPAA has evolved in the 10 years since it was passed, and how the regulation will change in the future.

HIPAA has undergone many modifications since it was first passed, including most notably the addition of HITECH act provisions in 2009. An omnibus rule finalizing the HITECH changes was released last January. However, providers should not see this as the final stage of HIPAA, according to Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health Information Technology.

“People sometimes ask of HHS — ‘So are you finished changing the rules now?’ There is no ending point. Technology is constantly changing, and there are always new challenges,” Pritts told AHIMA.

Long-term care providers trying to make sense of the omnibus rule that took effect March 26 can refer to Journal of AHIMA guidance posted online Monday. The guidance outlines the four factors that will determine how a breach should be reported. It also lists the 19 unique identifiers that must now be reported for each potentially breached record. One of these identifiers is reporting if the breach included anyone older than 89 years.