You can’t rush some things…the much anticipated HIPAA/HITECH Final Rules are out.
After nearly three years, the U.S. Department of Health and Human Services (HHS) released its final updates to the HIPAA privacy and security rules designed to implement changes contained in the HITECH Act of 2009. Changes related to the Genetic Information Nondiscrimination Act are also included.
The 563-page rule clarifies breach reporting requirements to the Office of Civil Rights, sets new rules for the use of patient-identifiable information in marketing and fundraising efforts, and expands the liability of business associates of hospitals, physicians, and other covered entities. The rule expands efforts to protect patient privacy in an increasingly digital era, and provides further clarity as to the compliance obligations of both covered entities and business associates.
The official publication of the new rule in the Federal Register is scheduled for January 25, 2013, with an effective date of March 26 and compliance requirements beginning 180 days later, or September 21, 2013. A preliminary copy of rule may be found at the attached link: https://s3.amazonaws.com/public-inspection.federalregister.gov/2013-01073.pdf. Expect a more detailed review of the new rule from Jackson Kelly’s Health Law Group in the coming days.