HIPAA Regulations Released
by
Leslie Thomson
Recent changes to the HIPAA privacy and security rules have taken a backseat to health care reform. However, on January 17, 2013, the Department of Health and Human Services issued long-anticipated final omnibus regulations that will require changes to HIPAA-related policies and procedures. Covered entities – including health plans – can no longer afford to ignore these rules.
These regulations update HIPAA’s privacy, security, enforcement and breach notification requirements for changes enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act (GINA). Covered entities must update their HIPAA documentation and workforce training and be prepared to comply with these new rules by September 23, 2013.
Among other things, the regulations change the breach reporting standards by presuming a breach has occurred unless the covered entity can demonstrate a low probability that the protected health information has not been compromised. This will likely increase the number of reportable breaches. The regulations also address business associates’ direct liability for HIPAA compliance.
These regulations are comprehensive and are intended to strengthen an individual's privacy and security protections, as well as improve enforcement capabilities. The Benefits Law Group is currently reviewing these regulations to determine how they will affect our clients. We anticipate most plan sponsors will need to update their HIPAA policies and procedures, business associate agreements and privacy notices to meet the new mandates by September 23, 2013. For more information on the impact of the HIPAA regulations, please contact a member of the Benefits Law Group.
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author(s). This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.