Houston partner Bob Wolin authored an article, "Privacy Law Changes Require Provider Action," for the June 19, 2009, edition of Nursing Home Litigation Reporter. Wolin's article provides an overview of recent privacy law changes affecting the long-term-care industry and how providers can protect themselves from the increased risks of litigation.
According to Wolin: "Recent changes under the American Recovery and Reinvestment Act of 2009, known as the stimulus bill, and other privacy and identity theft laws are redefining long-term-care providers’ privacy and security obligations in ways not seen since the introduction of HIPAA [Health Insurance Portability and Accountability Act]. The changes will require providers to make significant operational changes for themselves and their business associates."
The article continues: "Identity theft occurs with some regularity in long-term-care facilities. Long-term-care providers must respond to the new changes with proactive and practical solutions to ensure that they maintain the privacy of their residents' data at a reasonable cost. The cost of identity theft to a provider can be significant and harm the provider's reputation."
Wolin's article goes on to describe the significant new privacy and identity theft requirements for providers outlined in the stimulus bill, including:
Wolin also addresses the Federal Trade Commission's "red flag" rule, which becomes effective Aug. 1, 2009, and social security number confidentiality laws which have been enacted in 33 states.
Wolin concludes: "Long-term-care providers must vigilantly monitor HHS and state agencies for changes resulting from the stimulus bill, the red-flag rule and state legislative enactments to minimize their risk. Failure to implement and maintain an up-to-date comprehensive identity theft and privacy policy may leave a provider exposed to significant liability for fines and penalties, far in excess of the liability an individual patient may suffer from identity theft."