On January 17, 2013, the Department of Health and Human Services Office for Civil Rights released final rules addressing modifications to the Health Information Portability and Accountability Act (“HIPAA”) Privacy, Security, Enforcement, and Breach Notification Rules. Health care providers must comply with the new rules by September 2013.
There are four major issues addressed in the new rules. First, the final rule modifies components of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), including regulations on an individual’s right to receive electronic copies of their health information, and the required components of a provider’s notice of privacy practices. Second, the rule authorizes increased civil monetary penalties for HIPAA violations. Third, the rule modifies the breach notification requirements for unsecured protected health information. Finally, the rule incorporates the Genetic Information Nondiscrimination ACT (“GINA”) into the HIPAA Privacy Rule.
Over the next few months, Nelson Hardiman will issue further analysis on key provisions of the new rules.