HIPAA Final Rule: More on Breach Notification Rule Changes

January 31, 2013.  Today, we briefly identify key changes or reminders regarding breach notification in the preamble of the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules, published in the Federal Register on January 25, 2013.  The Final Rule becomes effective March 26, 2013 and requires compliance by covered entities and business associates on September 23, 2013.  Earlier this week, we have examined the changed definition of breach, the substitution of the “probability standard” for the current “harm standard” underpinning…

READ MORE

HIPAA Final Rule: Breach Risk Assessment Factors for “Probability Standard”

January 29, 2013.  Today, we cover the four risk assessment factors pertaining to breach notification in the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules:  Final Rule that was published in the Federal Register on Friday, January 25, 2013.  As discussed in yesterday’s post, these risk assessment factors are used in assessing the probability of impermissible use or disclosure compromising protected health information, thereby requiring breach notification. This “probability standard” replaces the “harm standard,” becomes effective March 26, 2013, and requires compliance…

READ MORE

Final HIPAA/HITECH Act Privacy, Security, Enforcement, Breach Notification Rules Published in Federal Register January 25, 2013.

January 25, 2013.  The Final Rule is published, at last!  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule cleared the Office of Management and Budget on January 16, was issued online on the Federal Register’s Electronic Public Inspection Desk in pre-publication format on January 17, and published in the Federal Register today.  The Final Rule is 136 pages (pp.5566-5702).  The effective date of the Final Rule is Tuesday, March 26, 2013, and the compliance date is Monday, September 23, 2013. Here is the…

READ MORE

Final Administrative Simplification Rules for Plan ID, NPI Addition, and ICD-10 Code Set Compliance Delay Published in Federal Register

September 5, 2012.  Today, the Federal Register published the Centers for Medicare & Medicaid Services (CMS) Final Rule:  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier [NPI] Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets.  We provided the detailed “Executive Summary” in our August 24, 2012, posting, based on the preview posting at the Federal Register’s Electronic Public Inspection Desk.  Below we provide the shorter publication “Summary” [p.54664]: “This final rule adopts the standard for a national unique health plan identifier (HPID) and establishes requirements…

READ MORE

HHS Publishes NPRM for HIPAA Health Plan Identifier and Delay for ICD-10 Compliance Date

April 17, 2012.  The Office of the Secretary of the Department of Health and Human Services (HHS) published today in the Federal Register its Notice of Proposed Rule Making (NPRM):  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and (CD-10-PCS Medical Data Code Sets. From the NPRM is the Summary of the Major Provisions: “a. HPID.  This rule proposes the adoption of the HPID [national unique health plan identifier] as the standard for the unique identifier for health plans and definitions for ‘Controlling Health Plan’ and ‘Subhealth Plan.’ The proposed…

READ MORE

5010/D.0 Effective Date Tuesday, March 17, 2009; Compliance Date January 1, 2012

The version modification to the HIPAA Administrative Simplification transaction standards becomes effective Tuesday, March 17, 2009. Here are several critical things to know, drawn directly from the final rule published in the Federal Register on January 16, 2009. The final rule is available for download on the HIPAA.com site. Effective Date: The effective date [March 17, 2009] is the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted. [74 Federal Register 3302] Compliance Date: On January 1, 2012, all covered entities will have reached Level 2 compliance, and must be fully compliant in using Versions 5010 and D.0…

READ MORE

Is Your Covered Entity Preparing for 5010/D.0 Testing? Part 2: Level 2 Testing

On March 17, 2009, the Final Rules for Modifications to the Health Insurance Portability and Accountability Act (HIPAA) become effective. HIPAA.com has available for download the final rules for 5010/D.0 as published in the Federal Register on January 16, 2009 (pp.3295-3328). The effective date is “the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted.” [p.3302]. All covered entities are to be in compliance with 5010/D.0 on January 1, 2012. Testing can occur “from the date of the final rule until the compliance date for Versions 5010 and D.0.” [p. 3306] The Final Rules outline two levels of…

READ MORE

Is Your Covered Entity Preparing for 5010/D.0 Testing? Part 1: Level 1 Testing

On March 17, 2009, the Final Rules for Modifications to the Health Insurance Portability and Accountability Act (HIPAA) become effective. HIPAA.com has available for download the final rules for 5010/D.0 as published in the Federal Register on January 16, 2009 (pp.3295-3328). The effective date is “the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted.” [p.3302]. All covered entities are to be in compliance with 5010/D.0 on January 1, 2012. Testing can occur “from the date of the final rule until the compliance date for Versions 5010 and D.0.” [p. 3306] The Final Rules outline two levels of…

READ MORE