New HIPAA Rules Issued: Disclosures and Revised Notices of Privacy Practices

The following information was submitted by Elizabeth Hogue, Esq:

The U.S. Department of Health and Human Services (HHS) has issued final rules to:

  • Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Enforcement Rules to implement statutory amendments under the Health Information Technology Economic and Clinical Health Act (HITECH Act) to strengthen the privacy and security protection for individuals’ health information;
  • Modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comments received on the interim final rule;
  • Modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title 1 of the Genetic Information Nondiscrimination Act of 2008 (GINA); and
  • Make other modifications to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules to improve their workability and effectiveness, and to increase flexibility and decrease burden on regulated entities.

The final rules were published in the Federal Register on January 25,2013, and will be effective on March 26, 2013.  Covered entities and business associates must comply with the final rules by September 23, 2013.  This is the third in a series of articles that will address key provisions of the rules, their impact on post-acute providers, and practical solutions for compliance. Continue reading “New HIPAA Rules Issued: Disclosures and Revised Notices of Privacy Practices”