Tag Archives: health information technology

New HIPAA Breach Notification Rule May Prove Costly for HIPAA-Covered Entities

One of the most significant changes in the final HIPAA amendments is the Breach Notification Rule, which modifies and clarifies the definition of “breach” and the risk-assessment approach required for breach notification. In light of this heightened standard, covered entities, business associates and downstream contractors should consider carefully reviewing their breach notification policies and procedures, training materials and contractual arrangements in an effort to avoid potential liability under the Breach Notification Rule.

Click here for more information on the most significant changes to the Breach Notification Rule.

Final HIPAA Amendments Expand HIPAA Net: Business Associates Now Required to Enter into Business Associate Agreements with Subcontractors

Among the most significant changes of the Final HIPAA amendments are the provisions that extend the Privacy and Security Rules’ stringent compliance obligations to business associates (BA) and expand the definition of BAs to include subcontractors of BAs. Why the changes? The HITECH Act of 2009 specifically extends direct liability to BAs and expands the list of obligations for BAs. The Department of Health & Human Services extends BA obligations even further to ensure the privacy and security of all PHI throughout the HIPAA ecosystem.

Click here to read a summary of the key provisions under the 2013 amendments, as well as factors that may be worthwhile for covered entities and business associates to consider in light of these amendments.

HHS (Finally) Announces The HIPAA/HITECH Amendments

On January 17, 2013 the federal Department of Health & Human Services (“HHS”) announced a final omnibus rule that details amendments to the privacy, security, data breach and enforcement rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The 2013 HIPAA Amendments (which, with commentary from HHS, weighs in at 563 pages) are closely based on statutory changes under the HITECH Act of 2009, and were previewed in proposed and interim rules issued by HHS several years ago. Continue reading HHS (Finally) Announces The HIPAA/HITECH Amendments