HIPAA Final Rule: Modification of Business Associate Definition, Part (6)–Exceptions

February 14, 2013.  Today, we finish examining the business associate definition, focusing on exceptions, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Paragraph (4) of the modified definition outlines 4 exceptions (45 CFR 160.103, Definitions, as shown at 78 Federal Register 5688):…

READ MORE

HIPAA Final Rule: Modification of Business Associate Definition, Part (5)–Subcontractors

February 13, 2013.  Today, we finish examining (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the last of three parts of this paragraph: “(3) Business associate includes:  (iii) A subcontractor that…

READ MORE

HIPAA Final Rule: Modification of Business Associate Definition, Part (4)–Personal Health Record Vendor

February 12, 2013.  Today, we examine the role of the personal health record vendor in paragraph (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the second of three parts of this…

READ MORE

HIPAA Final Rule: Modification of Business Associate Definition, Part (3)

February 11, 2013.  Today, we start to examine (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the first of three parts of this paragraph, (i), which is the subject of today’s…

READ MORE

HIPAA Final Rule: Modification of Business Associate Definition, Parts (1) & (2)

February 8, 2013.  Today, we examine (1) and (2)—the first two parts of four—of the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. As with its predecessor, the modified definition of business associate refers to “business associate means, with…

READ MORE

HIPAA Final Rule: Business Associate Definition

February 7, 2013.  Today, we provide the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Business Associate:  Definition (78 Federal Register 5688)– “(1) Except as provided in paragraph (4) of this definition, business associate means, with respect to a…

READ MORE

HIPAA Final Rule: Modified Rule for Business Associates and Subcontractors

February 6, 2013.  Today, we cover the business associate Administrative Safeguard (b) of the Security Rule, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. HIPAA did not directly regulate business associates of covered entities.  The HITECH Act’s 13401 statutorily changed that:  The…

READ MORE

HIPAA Final Rule: Security Standards, General Rules & Administrative Safeguard Modifications

February 5, 2013.  Today, we cover the modifications to Security Standards:  General Rules, and Administrative Safeguards in the HIPAA Security Rule, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Security Standards:  General Rules.  The five General Rules govern how the administrative, physical,…

READ MORE

Final HIPAA Rule: Security Statutory Authority and Direct Regulation of Business Associates

February 4, 2013.  Today, we cover the security safeguards of the HIPAA Security Rule, as Modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. The statutory authority for applicability of the HIPAA Security Rule is in Section 13401 of the HITECH Act (123 STAT….

READ MORE

HIPAA Final Rule: Business Associate Notification Timing, Policy and Procedure Updates, Retraining, and Documentation

February 1, 2013.  Today, we wrap up discussion of breach notification in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules.  The Final Rule is effective on March 26, 2013, and requires compliance by covered entities and business associates on September 23, 2013.  The focus is on timing of reporting a breach by a business associate to a covered entity, and, because the definition of breach was modified in the Final Rule, on the requirements to update policies and procedures,…

READ MORE