Updates to HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted on August 21, 1996.  HIPAA required the Secretary of HHS to issue privacy regulations for individually identifiable health information, if Congress did not enact such legislation within three years of the passage of HIPAA.  Congress did not enact the aforementioned privacy legislation and HHS, through notice and comment rulemaking, implemented the Privacy Rule on December 28, 2000; with a modification in 2002.

On Feb. 17, 2009, the American Recovery and Reinvestment Act (ARRA), also known as the stimulus bill was signed into law; and contained a provision that mandated the Secretary of HHS to make updates to HIPAA. These updates are in Title XIII, the Health Information Technology for Economic and Clinical Health (HITECH) Act. HHS released its regulations affecting both the privacy and security portions of HIPAA on Aug. 23, 2009, which then became effective on September 23; however, HHS will not begin active enforcement of these new regulations until Feb. 22, 2010. This extra time is to allow you to become compliant with the new regulations.

On January 25, 2013 the Modifications to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act (GINA); Other Modifications to the HIPAA Rules; or more commonly referred to as HIPAA Omnibus Rule was released; with the intention of implementing new privacy, security and enforcement provisions to provide greater protection to a patient’s privacy and strengthen the ability of the government to enforce HIPAA; with an effective date of March 26, 2013 and mandatory compliance dates of September 23, 2013 and September 23, 2014.

For more information regarding HIPAA, the HITECH Act and the final Omnibus Rule please see the following references:

O&P Almanac articles on HIPAA and the HITECH Act January 2010 and February 2010

O&P Almanac articles on the HIPAA Omnibus Rule April 2013, May 2013, January 2014 and April 2014

Understanding HIPAA

The Complete HIPAA text (including all revisions made by the Omnibus Rule)

Guidance on the HIPAA Privacy Rule

Omnibus Rule Making & Implementation

HITECH Rule Making & Implementation

HIPAA & Cloud Computing & Storage

Office of Civil Rights Cyber Attack Checklist