A Summary of Proposed Changes to HIPAA Privacy, Security and Enforcement Rules


The following summarizes the major changes to and new provisions of the HIPAA Privacy, Security, and Enforcement Rules proposed by the Department of Health and Human Services (HHS) in its notice of proposed rulemaking published July 14, 2010 (75 Fed. Reg. 40867). Many of these changes are proposed to implement the HITECH Act, but several of the changes go beyond the provisions of the statute. Other topics covered in this rulemaking were not raised by the HITECH Act and are instead proposed to address issues HHS has identified based on its experience interpreting and administering the rules. Some subjects covered by the HITECH Act, such as breach notification and accounting for disclosures from electronic health records, were not covered in this rulemaking and so are not discussed below. The public comment period on this proposed rulemaking ends September 13, 2010. Unless otherwise noted below, the compliance deadline for these proposed requirements will be 180 days from the date of publication of the final rule.

While there are many reasons for the regulated community to be concerned about these and other recent changes to HIPAA regulations, some of the more compelling reasons include....

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Reporters on Deadline


Poyner Spruill has offices in Raleigh, Charlotte, Rocky Mount, and Southern Pines, North Carolina,... View Profile »

Follow Poyner Spruill LLP: