|
|
HIPAA Final Rule: Business Associates–Permitted and Required Uses & Disclosures
March 5, 2013. Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Tomorrow, we look at the first of two categories of modified prohibited uses and disclosures regulations: use and disclosure of genetic information for underwriting purposes. |
|
|
HIPAA Final Rule: Modification of Business Associate Definition, Part (6)–Exceptions
February 14, 2013. Today, we finish examining the business associate definition, focusing on exceptions, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Tomorrow, we begin to examine new definitions in the Final Rule, and next week we look at modifications in the Final Rule regarding enforcement. |
|
|
HIPAA Final Rule: Modification of Business Associate Definition, Parts (1) & (2)
February 8, 2013. Today, we examine (1) and (2)—the first two parts of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Monday, we begin examination of the new provisions of the modified business associate definition in part (3) of 4 parts. |
|
|
HIPAA Final Rule: Business Associate Definition
February 7, 2013. Today, we provide the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. HIPAA.com will discuss each of the 4 categories over the next five days, beginning tomorrow with (1) and (2). Monday through Wednesday next week will focus on each of the three new categories in (3), and Thursday will conclude the discussion with (4), the business associate exclusions. |
|
|
HIPAA Final Rule: More on Breach Notification Rule Changes
January 31, 2013. Today, we briefly identify key changes or reminders regarding breach notification in the preamble of the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules, published in the Federal Register on January 25, 2013. The Final Rule becomes effective March 26, 2013 and requires compliance by covered entities and business associates on September 23, 2013. Earlier this week, we examined the changed definition of breach, the substitution of the “probability standard” for the current “harm standard” underpinning a risk assessment to determine if unsecured protected health information has been compromised by impermissible use or disclosure such that a breach notification is required, and the importance of the Guidance in securing protected health information. Tomorrow, we wrap up discussion of the breach notification rule. Next week, February 4-8, HIPAA.com looks at the modifications to the Security Rule. |
|
|
OCR Reports 107 Breaches Affecting Over 4 Million Individuals (II)
The Office for Civil Rights (OCR) regularly updates its Web site listing of breaches affecting 500 or more individuals. As of July 2, 2010, there were 107 breaches listed that were reported to have occurred between September 22, 2009 and June 11, 2010. Individuals affected by these publicly listed breaches totaled 4,086,980. Six of the 107 breaches, or 5.6% of the total, affected 3,353,627 individuals, or 82% of the total. This is the second of three postings that analyze the data from these 107 breaches. This posting (II) covers paper breaches. The first posting (I) covered electronic breaches, and the final posting (III) looks at the prevalence of business associate involvement. |
|
|
OCR Reports 107 Breaches Affecting Over 4 Million Individuals (I)
As of the July 4th holiday weekend, the Office for Civil Rights (OCR) has again updated its Web site listing of breaches affecting 500 or more individuals. As of July 2, 2010, there were 107 breaches listed that were reported to have occurred between September 22, 2009 and June 11, 2010. Individuals affected by these publicly listed breaches totaled 4,086,980. Six of the 107 breaches, or 5.6% of the total, affected 3,353,627 individuals, or 82% of the total. This is the first of three postings that analyze the data from these 107 breaches. This posting (I) covers electronic breaches, the next posting (II) covers hard copy (paper) breaches, and the final posting (III) looks at the prevalence of business associate involvement. |
|
|
FTC Delays Enforcement of FTC Red Flags Rule Fifth Time
The original FTC Red Flags Rule compliance date deadline was extended three times from the original date of November 1, 2008, with an expected compliance date of November 1, 2009. Just prior to that date, the FTC extended for the fourth time the deadline for compliance to June 1, 2010. On May 28, 2010, the June 1, 2010, compliance date was extended a fifth time to December 31, 2010. |