On January 17, 2013 the federal Department of Health & Human Services (“HHS”) announced a final omnibus rule that details amendments to the privacy, security, data breach and enforcement rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The 2013 HIPAA Amendments (which, with commentary from HHS, weighs in at 563 pages) are closely based on statutory changes under the HITECH Act of 2009, and were previewed in proposed and interim rules issued by HHS several years ago. They involve a number of sweeping expansions to the existing HIPAA Rules including: (1) a broader definition of “business associates” (“BAs”) to include downstream subcontractors that handle protected health information (“PHI”) on behalf of BAs; (2) increased penalties for noncompliance, with a maximum penalty of $1.5 million per violation; (3) expanded individual rights, including the right to request electronic medical records; and (4) new limitations on the use of PHI for marketing and fundraising, or the sale of PHI; among other broad changes. Read the full text here.
Register Now As you are not an existing subscriber please register for your free daily legal newsfeed service.Register
If you have any questions about the service please contact email@example.com or call Lexology Customer Services on +44 20 7234 0606.
HHS (finally) announces the HIPAA/HITECH amendments
If you are interested in submitting an article to Lexology, please contact Andrew Teague at firstname.lastname@example.org.
PHD, a division of The Fuel Logistics Group (Pty) Ltd