By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    healthcare cybersecurity
    4 Helpful Tips on How to Protect Your Medical Practice Against Cyber Attacks
    October 24, 2021
    Health Check Diagnosis Medical Condition Analysis Concept
    6 Health Woes With Online Remedies
    January 19, 2022
    Eight Things Men Should Know About the Male Menopause
    Eight Things Men Should Know About the Male Menopause
    April 24, 2022
    Latest News
    The 6 Most Common Injuries Resulting from Motorcycle Accidents
    January 30, 2023
    6 Essential Strategies for Improving Your Medical Practice
    January 25, 2023
    Staying Positive While Living with Mesothelioma
    January 24, 2023
    The Many Health Benefits of Being Outdoors
    January 17, 2023
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Ultraprocessed Foods Lead to Chronic Illnesses
    April 18, 2011
    Cancer/Cell Phone Connection Challenged
    June 7, 2011
    States Ranked by Percent Obese Highlights Pervasive Negative Trend
    July 11, 2011
    Latest News
    Why Is a Referenced Based Pricing Tool Necessary?
    February 3, 2023
    Simplifying the Genetic Testing Process: How At-Home Kits are Changing the Game
    January 25, 2023
    9 Hospitals That Have Introduced Green Initiatives
    February 1, 2023
    Why a Health Retreat Can Be the Best Medicine
    January 12, 2023
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: HIPAA Final Rule on Privacy, Security, Breach Notification and Enforcement Issued, Finally
Share
Sign In
Notification Show More
Latest News
Why Is a Referenced Based Pricing Tool Necessary?
Health care
struggling with addiction
6 Signs Someone You Know Is Struggling With Addiction
Addiction Addiction Recovery
regrow teeth naturally
Advances in Stem Cell Research Can Help Regrow Teeth Naturally
Dental health
air pollution and cancer
The Proven Links Between Air Pollution and Cancer
News
investing in senior care
5 Reasons Why Investing in Senior Care Is a Wise Choice?
Senior Care
Aa
Health Works CollectiveHealth Works Collective
Aa
Search
Have an existing account? Sign In
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Policy & Law > HIPAA Final Rule on Privacy, Security, Breach Notification and Enforcement Issued, Finally
Policy & Law

HIPAA Final Rule on Privacy, Security, Breach Notification and Enforcement Issued, Finally

David Harlow
Last updated: 2013/01/19 at 9:51 AM
David Harlow
Share
7 Min Read
SHARE

The HIPAA omnibus regulation is finally out as a final reg. The HIPAA Privacy, Security, Enforcement, and Breach Notification Rules were released late yesterday, and are expected to be published in the Federal Register on January 25 here: HIPAA Final Regulation. (See the end of this post for info about an upcoming online event.)

The HIPAA omnibus regulation is finally out as a final reg. The HIPAA Privacy, Security, Enforcement, and Breach Notification Rules were released late yesterday, and are expected to be published in the Federal Register on January 25 here: HIPAA Final Regulation. (See the end of this post for info about an upcoming online event.)

UPDATE 1/21/2013: Join Brian Ahier, Deven McGraw and me, David Harlow, for a Google+ Hangout on Air Wednesday, January 23, 2013, at 11 AM PT, 2 PM ET, where we will discuss the HIPAA Final Rule. Leave us your questions as comments to this post.

Here’s the whole 563 pages:

More Read

HR staff must deal with divisive views in healthcare

HR Must Navigate Polarizing Views in Healthcare Workplaces

6 Tips for Getting Into Medical School
Do You Need Life Insurance? What Does It Cover?
5 Ways New Technology is Revolutionizing Health
Are your Health Workers Properly Protected?

HIPAA Privacy, Security, Enforcement, and Breach Notification Rules 

The accompanying presser details a few of the highlights:

The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.

“Much has changed in health care since HIPAA was enacted over fifteen years ago,” said HHS Secretary Kathleen Sebelius.  “The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”

The changes in the final rulemaking provide the public with increased protection and control of personal health information.  The HIPAA Privacy and Security Rules have focused on health care providers, health plans and other entities that process health insurance claims.  The changes announced today expand many of the requirements to business associates of these entities that receive protected health information, such as contractors and subcontractors. Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS.

Individual rights are expanded in important ways.  Patients can ask for a copy of their electronic medical record in an electronic form.   When individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan.  The final omnibus rule sets new limits on how information is used and disclosed for marketing and fundraising purposes and prohibits the sale of an individuals’ health information without their permission.

 “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” said HHS Office for Civil Rights Director Leon Rodriguez.   “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

The final rule also reduces burden by streamlining individuals’ ability to authorize the use of their health information for research purposes.  The rule makes it easier for parents and others to give permission to share proof of a child’s immunization with a school and gives covered entities and business associates up to one year after the 180-day compliance date to modify contracts to comply with the rule.

The final omnibus rule is based on statutory changes under the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, and the Genetic Information Nondiscrimination Act of 2008 (GINA) which clarifies that genetic information is protected under the HIPAA Privacy Rule and prohibits most health plans from using or disclosing genetic information for underwriting purposes.

Most of the revisions are familiar to those of us who have tracked the proposed rules and interim final rules issued over the past several years, though there are some new ideas here, too, the result of plenty of percolating, as well as review of some of the comments filed. The effects are wide ranging, touching everything from marketing to big data to app development and beyond.  

The compliance date for the new rules will be September 23, 2013.  (The rules are effective 60 days after publication, and the compliance date is 180 days after that.)  So there will be plenty of time for OCR to issue some guidance documents as promised in the rule and for Covered Entities to get their acts together and pull together revised Notices of Privacy Practices and Business Associate Agreements, among other things. Business Associates and their subcontractors will have their share of work to do as well, now that they are within the ambit of the rule.

I am planning to present a discussion of the final rule live, on line, in the next week, together with other experts.  Watch this space for details.  If you have any questions you would like us to address, please post them as comments.

TAGGED: HIPAA Privacy Rules, patient privacy

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
David Harlow January 19, 2013
Share this Article
Facebook Twitter Copy Link Print
Share
By David Harlow
Follow:
DAVID HARLOW is Principal of The Harlow Group LLC, a health care law and consulting firm based in the Hub of the Universe, Boston, MA. His thirty years’ experience in the public and private sectors affords him a unique perspective on legal, policy and business issues facing the health care community. David is adept at assisting clients in developing new paradigms for their business organizations, relationships and processes so as to maximize the realization of organizational goals in a highly regulated environment, in realms ranging from health data privacy and security to digital health strategy to physician-hospital relationships to the avoidance of fraud and abuse. He's been called "an expert on HIPAA and other health-related law issues [who] knows more than virtually anyone on those topics.” (Forbes.com.) His award-winning blog, HealthBlawg, is highly regarded in both the legal and health policy blogging worlds. David is a charter member of the external Advisory Board of the Mayo Clinic Social Media Network and has served as the Public Policy Chair of the Society for Participatory Medicine, on the Health Law Section Council of the Massachusetts Bar Association and on the Advisory Board of FierceHealthIT. He speaks regularly before health care and legal industry groups on business, policy and legal matters. You should follow him on Twitter.
Previous Article How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
Next Article State Medical Boards Address Inappropriate Online Physician Behaviors

Stay Connected

1.5k Followers Like
4.5k Followers Follow
2.8k Followers Pin
136k Subscribers Subscribe

Latest News

Why Is a Referenced Based Pricing Tool Necessary?
Health care February 3, 2023
struggling with addiction
6 Signs Someone You Know Is Struggling With Addiction
Addiction Addiction Recovery February 2, 2023
regrow teeth naturally
Advances in Stem Cell Research Can Help Regrow Teeth Naturally
Dental health February 1, 2023
air pollution and cancer
The Proven Links Between Air Pollution and Cancer
News February 1, 2023

You Might also Like

Health care

Why Is a Referenced Based Pricing Tool Necessary?

February 3, 2023
at-home genetic testing method kits
Global Healthcare

Simplifying the Genetic Testing Process: How At-Home Kits are Changing the Game

January 25, 2023
green hospitals
Hospital Administration

9 Hospitals That Have Introduced Green Initiatives

January 20, 2023
benefits of going on a health retreat
Global HealthcareHealth

Why a Health Retreat Can Be the Best Medicine

January 12, 2023
//

We influence million of users and is the most authentic source of information on healthcare business and technology news.

Quick Links

  • About
  • Contact
  • Privacy
Subscribe

Subscribe to our newsletter to get our newest articles instantly!

Follow US

© 2008-2023 HealthWorks Collective. All Rights Reserved.

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?