As a reminder the Department of Health & Human Services (HHS) has published new rules/ updates to the HIPAA Privacy, Security, and Enforcement Breach Notification Rules; that were originally published as part of the Health Information Technology for Economic and Clinical Health Act or HITECH Act. Some of these updates include:
- Expanding the definition and liability of a Business Associate
- Redefining what is considered a breach of Protected Health Information (PHI)
- Changes to what is considered a permissible use and disclosure of PHI
- Expansion of a patient’s rights to access their PHI
These new rules became effective on March 26, 2013; however you have until September 23, 2013 to become fully compliant with the new regulations.