A good look at the recent HIPAA/HITECH changes from HHS, compliments of CyberPeg…
Originally posted on cyberpeg:
On January 17, 2013, the U.S. Department of Health and Human Services (HHS) issued a press release announcing the modifications to the HIPAA Privacy and Security rules. The HHS issued the final rule to:
-modify the HIPAA Privacy, Security and Enforcement Rules to implement statutory amendments under HITECH to strengthen privacy and security protection for individuals’ health information (applying Security Rule standards, certain Privacy Rules directly to business associates);
-modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under HITECH Act (access/disclosure of PHI not permitted is presumed a breach);
-modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing GINA provision (Genetic Information Nondiscrimination Act of 2008);
-make certain other modifications to the HIPAA Rules in order to improve effectiveness, flexibility.
The final rule is effective March 26, 2013 and covered entities and business associates must comply with the applicable requirements of the final rule by September 23, 2013.