Recent Regulations Affecting Medical Practices

The Federal Government passes new legislation on a regular basis that impacts the day-to-day operations of a medical practice. In order to help practices stay abreast of changes that have taken place, BSM publishes highlights of recent activity that could affect your business.

The information provided in this section is intended to help medical practices stay informed of recent changes in law and new government regulations in the areas of Human Resources, HIPAA, compliance, tax, Medicare and Medicaid, Federal Trade Commission, and others. BSM has compiled this information in a summary fashion to highlight the specific law or legislation and has provided links to resources which will provide more in-depth information for our users.

For additional information on issues specific to your practice, we recommend you consult with qualified legal and tax advisors.

Effective Date: March 26, 2013
Compliance Date: September 23, 2013

Summary: The much-anticipated update (Omnibus Final Rule or Final Rule) to the Health Insurance Portability and Accountability Act (HIPAA, originally established in 1996), which strengthens privacy and security protection rules, was released January 25, 2013 by the U.S. Department of Health and Human Services (HHS). It is effective March 26, 2013 and expands protections of patients' health information. Compliance is required by September 23, 2013.

The massive 563-page Omnibus rule covers changes required under a number of regulations established since HIPAA was first enacted, including:

  • the Health Information Technology for Economic and Clinical Health Act (HITECH);
  • final regulations for breach notification requirements; and
  • greatly enhanced privacy protections required under the Genetic Information Nondiscrimination Act.

Much of the new rule as it pertains to physician practices relates to an expanded definition of a “Business Associate,” which requires Business Associates to enter into Business Associate agreements with their subcontractors. The final rule will also require changes to the Notice of Privacy Practices.

HIPAA covered entities, including physician practices and their business associates (and now subcontractors of the Business Associate), must comply with the new privacy and security requirements by September 23, 2013. Penalties for noncompliance are based upon the level of negligence, with a maximum penalty of $1.5 million per violation. BSM will continue to provide updates on this topic.

Resources Available:

January 2013 HHS Press Release

American Medical Association (AMA)

Federal Register, Vol. 78, No. 18, Friday, January 25, 2013 (Final Rule)

Effective Date: January 1, 2011


Summary: The IRS has issued new rules concerning the use of flexible spending accounts (FSAs) to pay for over-the-counter, non-prescription medications and drugs, effective January 1, 2011. These new standards were established under the Patient Protection and Affordable Care Act. This act established new uniform standards for FSAs and a similar rule for Health Savings Accounts (HSAs) and Archer Medical Savings Accounts (Archer MSAs). For information regarding this topic see the resources available below.


Resources available:


Effective Date: March 2010


Summary: This bill was enacted by Congress to provide comprehensive health reform. Some provisions are effective calendar year 2010, with major provisions taking effect in 2014. Provisions in the act impact employers, insurance companies, Medicare, and health care consumers. For more details, see the resources available below.


Resources available:

  • Patient Protection and Affordable Care Act: Provides summaries and analysis by both the Democratic Policy Committee (DPC) and the Republican Policy Committee (RPC).

Effective Date: January 1, 2009, with revisions published in the Federal Register dated September 23, 2009

Summary: Amendments make it easier for an individual seeking protection under the ADA to establish that he or she has a disability within the scope of the ADA.

Resources available:

Effective Date: January 1, 2009

Summary: This amendment provides new military family leave entitlements, updates the 15-year-old FMLA to improve communication between workers and their employers, and clarifies certification procedures for more efficient administration and for compliance with HIPAA guidelines.

Resources available:

Effective Date: February 17, 2009

Summary: This law was signed as an effort to jumpstart our economy, create or save jobs, modernize the nation’s infrastructure, enhance energy independence, preserve and improve affordable health care, and provide tax relief. One major impact on health care providers relates to the extension of COBRA benefits, as well as an employer-provided subsidy for employees who involuntarily lose their jobs.

Resources available:

Effective Date: November 21, 2009

Summary: This act was enacted by Congress in May, 2009 and is under the jurisdiction of the Equal Employment Opportunity Commission (EEOC). The act prohibits the use of genetic information in making employment decisions, restricts the acquisition of genetic information by employers, imposes strict confidentiality requirements, and prohibits retaliation against individuals who oppose actions made unlawful by GINA. “Genetic information” includes information about genetic tests of the individual and family members, as well as information about any disease, disorder, or condition of an individual’s family members, i.e., family medical history. Violation of GINA may result in compensatory and punitive damages. Federal EEOC Posters must now include information on GINA. Resources for EEO posters and the genetics poster addendum are listed below.

Resources available:

Health Information Technology for Economic and Clinical Health Act (HITECH Act) – Title XIII of American Recovery and Reinvestment Act of 2009 (ARRA)

Date Signed: February 17, 2009

Breach Notification Requirement: February 22, 2010

Summary: This is significant legislation dealing with a number of different issues related to electronic health records. It provides for financial incentives through Medicare and Medicaid programs to encourage physicians and hospitals to adopt and use certified electronic health records. However, there is a delay in implementation because of the lack of guidelines for certification. In addition, the Act establishes a Federal breach notification requirement for health information that is not encrypted or otherwise indecipherable. Physician practices are required to formulate a plan to deal with notification if breaches of PHI occur.

Resources available:

OSHA 300 Log Reminder:

From February 1 through April 30 of each year, all medical facilities are required by OSHA to post an OSHA 300 Log. This log must be posted in a visible location and designates any exposure incident occurring during the previous year. OSHA 300 logs can be downloaded from the OSHA website.

Effective Date: January 1, 2011

Update: New Law Clarifies Who is Subject to the Red Flags Rule

On December 18, 2010, President Obama signed into law the "Red Flag Program Clarification Act of 2010," which clarifies the type of "creditor" that must comply with the Red Flags Rule. This Act provides some long-awaited clarification concerning the application of the "red flag rules" to providers of professional services, including physicians. The new law provides that physicians (and certain other service providers) are no longer defined within the meaning of the term "creditors." The new definition of "creditor" excludes "service providers," which include those that advance funds on behalf of a person for expenses that are incidental to a service they provide to that person.

Resources available:

Effective Date: October 1, 2009

Summary: The updates to the Stark regulations address several issues. The Anti-Markup update by CMS states that the anti-markup payment limitation will apply in cases where a physician does not share a practice with the billing physician or other supplier. This rule does not apply to laboratories, but does relate to "purchased diagnostic tests." New rulings prohibit certain "Under Arrangements" transactions. Other changes relate to "stand-in-the-shoes" relationships and to "per click and percentage-based compensation."

Resources available:

  • Technical Assistance on Waivers in Separation Pay: (particularly as they pertain to the ADA, ADEA, and EPA)

    Equal Employment Opportunity Commission: "Understanding Waivers of Discrimination Claims in Employee Severance Agreements"

BSM Consulting, 936 Southwood Blvd., Suite 102, Incline Village, NV 89451 | Tel: 775-832-0600 | Fax: 775-832-0664
