O n January 17 the U.S. Department of Health and Human Services (HHS) Office for Civil Rights finally released its much-anticipated final rule implementing many provisions of the HITECH Act amendments to HIPAA included in the American Recovery and Reinvestment Act of 2009. The final rule includes amendments to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules.

The amended rules implement many significant changes, including:

  • •  A new standard in the Breach Notification Rule for notification of affected individuals of a data breach involving personal health information (PHI), including a presumption in favor of notification
  • •  Required changes to institutional notifications of HIPAA privacy practices
  • •  New requirements affecting business associates, including a broadened definition of "business associate," a downstream application of HIPAA obligations to subcontractors of business associates, a requirement that health care components of institutional HIPAA hybrid entities now include all institutional business associate functions, and necessary changes to all business associate agreements
  • •  Changes regarding the required authorizations for the use of PHI in connection with current and future research
  • •  Expanded right of patient access to electronic PHI
  • •  Increased agency enforcement penalties and powers

Although the final rule is effective March 26, 2013, most covered entities and business associates will have until September 23, 2013 to comply with its provisions. There is also an additional transitional period that will allow covered entities and business associates to bring their agreements into compliance. The Enforcement Rule however is effective and applies on March 26.

In this virtual seminar, designed for those with experience with and a working knowledge of HIPAA, our panel will review the most important changes and compliance obligations contained in the final rule, and describe the steps institutions need to take to achieve compliance by September 23. Please join us for an in-depth review of the most important features of these new HIPAA rules for your institution. Register today!