June 7, 2013. Today, HHS published in the Federal Register “Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules” that were published on January 25, 2013, as the Final Rule: “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules.” According to the “Summary“ in today’s Corrections Final Rule: “These technical corrections address certain inadvertent errors and omissions in the HIPAA Privacy, Security, and Enforcement Rules that are located at 45 CFR parts 160 and 164. The effective date of the Corrections Final…
Tag: Enforcement
HIPAA Final Rule: Today is Effective Date–Covered Entities and Business Associates Have 180 Days to Comply
March 26, 2013. Today is the first big milestone since the January 25, 2013, publication in the Federal Register of the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules. Today is the effective date of the Final Rule, and covered entities and business associates must comply by September 23, 2013. “Significant rules (defined by Executive Order 12866) and major rules (defined by the Small Business Regulatory Enforcement Fairness Act) are required to have a 60 day delayed effective date,” which…
HIPAA Final Rule: Enforcement by State Attorneys General
February 26, 2013. Today, we examine the HIPAA Rules enforcement role established by the HITECH Act for State attorneys general as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. As of February 18, 2009, Section 13410(e) of the HITECH Act granted State attorneys…
HIPAA Final Rule: Enforcement–Factors for Determining Civil Money Penalties for HIPAA Violations
February 25, 2013. Today, we examine factors considered in determining the amount of a civil money penalty for a HIPAA violation that are modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. The Department of Health and Human Services (HHS) identified “five general factors”…
HIPAA Final Rule: Enforcement: Four Penalty Tiers
February 21, 2013. Today, we examine the four penalty tiers for violations of HIPAA Rules in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. We start with two definitions, the first of which, Reasonable cause, was modified in the Final Rule, and the second of…
HIPAA Final Rule: Enforcement: Willful Neglect
February 20, 2013. Today, we begin examination of HITECH Act modifications of HIPAA Enforcement, focusing on the meaning and consequences of willful neglect in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Willful neglect is defined as “conscious, intentional failure or reckless indifference to the…
HIPAA Final Rule: Genetic Information Nondiscrimination Act: Manifestation or Manifested
February 19, 2013. Today, we finish examination of modifications of HIPAA Privacy under the Genetic Information Nondiscrimination Act (GINA), by focusing on the definition: manifestation or manifested. The modifications of HIPAA Privacy are in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. We presented in…
HIPAA Final Rule: Modification of Business Associate Definition, Part (6)–Exceptions
February 14, 2013. Today, we finish examining the business associate definition, focusing on exceptions, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Paragraph (4) of the modified definition outlines 4 exceptions (45 CFR 160.103, Definitions, as shown at 78 Federal Register 5688):…
HIPAA Final Rule: Business Associate Definition
February 7, 2013. Today, we provide the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Business Associate: Definition (78 Federal Register 5688)– “(1) Except as provided in paragraph (4) of this definition, business associate means, with respect to a…
Final HIPAA/HITECH Act Privacy, Security, Enforcement, Breach Notification Rules Published in Federal Register January 25, 2013.
January 25, 2013. The Final Rule is published, at last! Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule cleared the Office of Management and Budget on January 16, was issued online on the Federal Register’s Electronic Public Inspection Desk in pre-publication format on January 17, and published in the Federal Register today. The Final Rule is 136 pages (pp.5566-5702). The effective date of the Final Rule is Tuesday, March 26, 2013, and the compliance date is Monday, September 23, 2013. Here is the…