HEALTH REFORM: Overview of Modifications to the HIPAA Privacy, Security, and Enforcement Rules


On January 17, 2013, the Department of Health and Human Services released the highly anticipated, 563 page, Health Insurance Portability and Accountability Act ("HIPAA") regulations (the "Final Rule") that have been delayed for over 3 years. The Final Rule will be published in the Federal Register on January 25, 2013. The Final Rule addresses many of the compliance issues and unanswered questions facing covered entities and business associates. The effective date of the Final Rule is March 26, 2013 - with a compliance date (for most provisions) by September 23, 2013 (there is an additional grace period for certain provisions). Epstein Becker Green is preparing an in-depth analysis of the Final Rule which will be forthcoming. In the meantime, below is a high level summary of the significant changes included in the Final Rule.

I. Changes to the Business Associate Relationship

The Rule affects the business associate relationship by:

1. Expanding the Definition of Business Associates:

The Final Rule explicitly expands the definition of business associates to include: Health Information Organizations; E-prescribing Gateways; other entities that provide data transmission services for covered entities and that require access on a routine basis; entities that offer a personal health record to individuals on behalf of a covered entity; and subcontractors.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Epstein Becker & Green | Attorney Advertising

Written by:


Epstein Becker & Green on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.