February 26, 2013. Today, we examine the HIPAA Rules enforcement role established by the HITECH Act for State attorneys general as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. As of February 18, 2009, Section 13410(e) of the HITECH Act granted State attorneys…
Category: Security
HIPAA Final Rule: Enforcement–Factors for Determining Civil Money Penalties for HIPAA Violations
February 25, 2013. Today, we examine factors considered in determining the amount of a civil money penalty for a HIPAA violation that are modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. The Department of Health and Human Services (HHS) identified “five general factors”…
HIPAA Final Rule: Enforcement: Four Penalty Tiers
February 21, 2013. Today, we examine the four penalty tiers for violations of HIPAA Rules in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. We start with two definitions, the first of which, Reasonable cause, was modified in the Final Rule, and the second of…
HIPAA Final Rule: Enforcement: Willful Neglect
February 20, 2013. Today, we begin examination of HITECH Act modifications of HIPAA Enforcement, focusing on the meaning and consequences of willful neglect in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Willful neglect is defined as “conscious, intentional failure or reckless indifference to the…
HIPAA Final Rule: Modification of Business Associate Definition, Part (6)–Exceptions
February 14, 2013. Today, we finish examining the business associate definition, focusing on exceptions, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Paragraph (4) of the modified definition outlines 4 exceptions (45 CFR 160.103, Definitions, as shown at 78 Federal Register 5688):…
HIPAA Final Rule: Modification of Business Associate Definition, Part (5)–Subcontractors
February 13, 2013. Today, we finish examining (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the last of three parts of this paragraph: “(3) Business associate includes: (iii) A subcontractor that…
HIPAA Final Rule: Modification of Business Associate Definition, Part (4)–Personal Health Record Vendor
February 12, 2013. Today, we examine the role of the personal health record vendor in paragraph (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the second of three parts of this…
HIPAA Final Rule: Modification of Business Associate Definition, Part (3)
February 11, 2013. Today, we start to examine (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the first of three parts of this paragraph, (i), which is the subject of today’s…
HIPAA Final Rule: Modification of Business Associate Definition, Parts (1) & (2)
February 8, 2013. Today, we examine (1) and (2)—the first two parts of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. As with its predecessor, the modified definition of business associate refers to “business associate means, with…
HIPAA Final Rule: Business Associate Definition
February 7, 2013. Today, we provide the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Business Associate: Definition (78 Federal Register 5688)– “(1) Except as provided in paragraph (4) of this definition, business associate means, with respect to a…