What the New HIPAA Rules Say About Health Information Technology for Users, Developers and Investors

HIPAA-covered entities and many of their vendors—among them are HIO and EHR consultants, data analytic firms, data transmission facilitators, software vendors and device vendors—rely on health information technology (HIT) to accomplish their purposes. Large data companies, small entrepreneurs and investors are participating in the growth of HIT.

While the use of HIT presents enormous benefits, it also poses significant risks with respect to the privacy and security of health data. On January 25, 2013, the U.S. Department of Health and Human Services (“HHS”) announced the final omnibus rule amending the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) in accordance with the HITECH Act of 2009 (the “2013 Amendments”). The 2013 Amendments, which are effective on March 26, 2013 (with some exceptions), supplement and modify the HIPAA Privacy, Security, Breach Notification and Enforcement Rules (the “HIPAA Rules”). Click here to read more about the key ways in which the 2013 Amendments impact HIT.

Duane Morris is issuing a series of Alerts on the 2013 Amendments, including an Overview Summary of the HIPAA Amendments. Please see the in-depth Alerts already distributed by the firm on changes under the 2013 Amendments to the definition of a business associate, changes to the breach notification requirements, key details about the minimum necessary standard, changes to the obligation of group health plans in regards to breaches of protected health information and highlights on the section of the HIPAA amendments that applies to genetic information. We will continue to issue Alerts on discrete HIPAA topics.