Header graphic for print
Physician Law Current news, updates, & useful tips relating to legal issues affecting physicians & non-institutional providers in their personal & professional lives

Health and Human Services Releases New HIPAA Regulations

Posted in Medicare

Last week the U.S. Department of Health and Human Services (HHS) released final regulations modifying existing HIPAA enforcement, privacy and security regulations. Although a number of the changes merely serve as clarification of existing regulations, the modifications impose a number of new requirements on covered entities and business associates.

Some of the important issues addressed in the new rules include the following:

  • Clarification of the definition of a privacy breach;
  • Adoption of risk assessment factors to be taken into consideration in conducting a breach analysis;
  • Modifications to the limitations on the use and disclosure of protected health information for marketing and fundraising purposes;
  • Modifications regarding business associates including changes to the definition of a business associates and when business associates may held directly liable for violations;
  • Modifications to the required terms in business associate agreements; and
  • Modifications that covered entities are required to make to their Notices of Privacy Practices.

The new regulations take effect on March 26, 2013 and covered entities and business associates have until September 23, 2013 to comply. The regs were published in the Federal Register on January , 2013 and can be viewed here Federal Register.

Check back for more detail on the required business associates and NPP changes.