HEALTH REFORM: Overview of Modifications to the HIPAA Privacy, Security, and Enforcement Rules


On January 17, 2013, the Department of Health and Human Services released the highly anticipated, 563 page, Health Insurance Portability and Accountability Act ("HIPAA") regulations (the "Final Rule") that have been delayed for over 3 years. The Final Rule will be published in the Federal Register on January 25, 2013. The Final Rule addresses many of the compliance issues and unanswered questions facing covered entities and business associates. The effective date of the Final Rule is March 26, 2013 - with a compliance date (for most provisions) by September 23, 2013 (there is an additional grace period for certain provisions). Epstein Becker Green is preparing an in-depth analysis of the Final Rule which will be forthcoming. In the meantime, below is a high level summary of the significant changes included in the Final Rule.

I. Changes to the Business Associate Relationship

The Rule affects the business associate relationship by:

1. Expanding the Definition of Business Associates:

The Final Rule explicitly expands the definition of business associates to include: Health Information Organizations; E-prescribing Gateways; other entities that provide data transmission services for covered entities and that require access on a routine basis; entities that offer a personal health record to individuals on behalf of a covered entity; and subcontractors.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.