A notice in published July 29 in the Federal Register starkly demonstrates administrative burdens of complying with the HIPAA privacy rule.
The Department of Health and Human Services published the notice as part of its intent to continue requiring documentation of compliance. The notice lists a dozen documentation requirements, such as authorization to use and disclose protected health information, and notices of privacy practices.
In total, HHS estimates an industry-wide annual reporting burden of nearly 62.3 million hours-98% of which covers dissemination of a notice of privacy practices and patient acknowledgement. Accounting for use and disclosure of PHI make up most of the remaining burden.
The notice is available at gpoaccess.gov/fr/index.html.