Since the 2009 enactment of the Health Information Technology for Economic and Clinical Health Act (the “Act” or “HITECH Act”), compliance efforts associated with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) has remained clouded in uncertainty. On January 25, 2013, and after more than a three-year wait after the release of the July 14, 2010, proposed regulations (the “Proposed Rule”), the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (“HHS”) published the long-awaited HITECH final rule – Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules (the “Final Rule”).

When the HITECH Act was passed, it was clear that the true import of the Act would not be felt until HHS provided the industry with the associated updated and revised regulations. Though HHS gave us a glimpse of the Act’s significance with the Proposed Rule, the Final Rule answers many of the questions (and prompts others) regarding how these changes to federal privacy and security regulations will impact the operations of covered entities and business associates.

Please see full alert below for more information.