As a reminder the Department of Health & Human Services (HHS) has published new rules/ updates to the HIPAA Privacy, Security, and Enforcement Breach Notification Rules; that were originally published as part of the Health Information Technology for Economic and Clinical Health Act or HITECH Act. Some of these updates include:
- Expanding the definition and liability of a Business Associate
- Redefining what is considered a breach of Protected Health Information (PHI)
- Changes to what is considered a permissible use and disclosure of PHI
- Expansion of a patient’s rights to access their PHI
These new rules became effective on March 26, 2013; however you have until September 23, 2013 to become fully compliant with the new regulations.
To review how these updates may affect you please see the April and May 2013 issues of the O&P Almanac.