New HIPAA Rules Affect Healthcare Marketers
The new rules make one point very clear: Healthcare organizations no longer can use business associate agreements to circumvent the law's marketing prohibition. For example, pharmacies no longer can sell PHI to a business that wants to market its products under a business associate agreement with that pharmacy.
The news wasn't all gloomy for healthcare businesses, however. The hybrid entity clause allows covered entities to designate only certain components of their business as subject to HIPAA compliance.
"By declaring your company a hybrid entity," says Mac Murray, "you can carve out or create a healthcare component in which you may limit where HIPAA applies within your organization. However, you must put in safeguards for those areas that cross over, such as accounting and legal services, to ensure you remain HIPAA-compliant when necessary."
One more new rule: If yours is a covered entity, you must have a privacy officer. "You can give that person additional duties," Mac Murray says, "but you must designate one person in your company to be in charge of HIPAA compliance."