HIPAA Regulations Released

by Leslie Thomson


Recent changes to the HIPAA privacy and security rules have taken a backseat to health care reform.  However, on January 17, 2013, the Department of Health and Human Services issued long-anticipated final omnibus regulations that will require changes to HIPAA-related policies and procedures.  Covered entities – including health plans – can no longer afford to ignore these rules. 

These regulations update HIPAA’s privacy, security, enforcement and breach notification requirements for changes enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act (GINA).  Covered entities must update their HIPAA documentation and workforce training and be prepared to comply with these new rules by September 23, 2013. 

Among other things, the regulations change the breach reporting standards by presuming a breach has occurred unless the covered entity can demonstrate a low probability that the protected health information has been compromised.  This will likely increase the number of reportable breaches.  The regulations also address business associates’ direct liability for HIPAA compliance.

These regulations are comprehensive and are intended to strengthen an individual's privacy and security protections, as well as improve enforcement capabilities. The Benefits Law Group is currently reviewing these regulations to determine how they will affect our clients. We anticipate most plan sponsors will need to update their HIPAA policies and procedures, business associate agreements and privacy notices to meet the new mandates by September 23, 2013. For more information on the impact of the HIPAA regulations, please contact a member of the Benefits Law Group.

