HIPAA Final Rule: Notice of Privacy Practices for Protected Health Information: Content of Notice (1)

March 22, 2013.  Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. We begin a two-day examination of the modifications pertaining to 45 CFR 164.520:  Notice of Privacy Practices for Protected…

READ MORE

HIPAA Final Rule: More on Business Associate Uses & Disclosures in the Business Associate Contract

March 11, 2013.  Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Our focus last week was on 45 CFR 164.502: Uses and disclosures of protected health information:  General Rules, and,…

READ MORE

HIPAA Final Rule: Disclosures to Business Associates

March 8, 2013.  Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Our focus this week has been on 45 CFR 164.502: Uses and disclosures of protected health information:  General Rules. …

READ MORE

HIPAA Final Rule: Business Associates–Permitted and Required Uses & Disclosures

March 5, 2013.  Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Our focus today is on business associates in 45 CFR 164.502: Uses and disclosures of protected health information:  General…

READ MORE

HIPAA Final Rule: Modification of Business Associate Definition, Part (5)–Subcontractors

February 13, 2013.  Today, we finish examining (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the last of three parts of this paragraph: “(3) Business associate includes:  (iii) A subcontractor that…

READ MORE

HIPAA Final Rule: Modified Rule for Business Associates and Subcontractors

February 6, 2013.  Today, we cover the business associate Administrative Safeguard (b) of the Security Rule, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. HIPAA did not directly regulate business associates of covered entities.  The HITECH Act’s 13401 statutorily changed that:  The…

READ MORE

Final Administrative Simplification Rules for Plan ID, NPI Addition, and ICD-10 Code Set Compliance Delay Published in Federal Register

September 5, 2012.  Today, the Federal Register published the Centers for Medicare & Medicaid Services (CMS) Final Rule:  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier [NPI] Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets.  We provided the detailed “Executive Summary” in our August 24, 2012, posting, based on the preview posting at the Federal Register’s Electronic Public Inspection Desk.  Below we provide the shorter publication “Summary” [p.54664]: “This final rule adopts the standard for a national unique health plan identifier (HPID) and establishes requirements…

READ MORE

CMS and ONC Publish Final Rules for Meaningful Use Stage 2 Security in Federal Register

September 4, 2012.  The Department of Health and Human Services (HHS) entities:  Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC), published their Final Rules for Meaningful Use Stage 2 in today’s Federal Register.  This posting focuses on the preamble relating to the following Stage 2 security objective in the CMS Final Rule entitled Medicare and Medicaid Programs; Electronic Health Record Incentive Program:  “Protect electronic health information created or maintained by the Certified EHR Technology [CEHRT] through the implementation of appropriate technical capabilities.”  Reference numbers in brackets refer to the page number(s) in the September 4, 2012,  Federal Register. Associated with this objective…

READ MORE

CMS Issues Final Administrative Simplification Final Rules Regarding Identifiers and ICD-10 Code Set Compliance Delay

August 24, 2012.  Today, the Office of Management and Budget (OMB) completed review and sent to the Federal Register for publication on September 5, 2012, the Centers for Medicare & Medicaid Services (CMS) Final Rule:  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets.  The effective date of the Rule is November 5, 2012.  Prior to publication, the Final Rule may be examined at or downloaded from the Office of the Federal Register’s Electronic Public Inspection Desk. Here…

READ MORE

Five HIPAA Compliance Activities Your Organization Must Undertake

HIPAA Administrative Simplification was enacted on August 21, 1996 as Subtitle F of Title II of Public Law 104-191. The so-called HITECH Act “Omnibus” regulation that modifies HIPAA privacy and security provisions will be published in the Federal Register by the end of this summer, according to the head of HHS’ National Coordinator for Health Information Technology, Farzad Mostashari, M.D. Based on the timeline in the Notice of Proposed Rule Making, compliance by all covered entities and their business associates would be required 240 days after publication, most likely sometime in May 2013, assuming the end-of-summer deadline is met.  All covered entities and their business associates will be required to comply with provisions of…

READ MORE