Federal Government Releases Long-Awaited Changes to HIPAA Rules: All Covered Entities and Business Associates Are Affected


Yesterday (January 17, 2013), the Health and Human Services Office for Civil Rights (“OCR”) released a long-awaited final rule (the “Final Rule”) adopting far-reaching changes to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Final Rule made changes to HIPAA’s privacy, security and enforcement rules. The OCR called these changes “the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.”

The text of the Final Rule can be found here: https://s3.amazonaws.com/public-inspection.federalregister.gov/2013-01073.pdf. The Final Rule is effective March 26, but covered entities and business associates have until September 23 to comply, leaving a small window of time to ensure compliance. All HIPAA covered entities and business associates will be impacted by heightened compliance standards and increased enforcement. We will provide a summary of the new HIPAA changes once we’ve had a chance to review all 563 pages of the final rule.

In the meantime, feel free to contact us with any questions.

Mike Igel is Chairman of Trenam Kemker’s Health Care Audit Defense Team.