LTN Law Technology News
  • Home
  • News
  • Reviews
  • Commentary
  • Surveys
  • Events
  • LegalTech® Directory
  • About LTN
  • Register
  • Topics:
  • E-Discovery & Compliance
  • Litigation Support
  • Practice Management
  • Office Tech
  • Mobile Lawyer
  • Research & Libraries
  • Tech Law

Home > The HIPAA Final Rule Is a Game-Changer for Breach Notification

Font Size: increase font decrease font

The HIPAA Final Rule Is a Game-Changer for Breach Notification

By Theodore J. Kobus III All Articles 

Law Technology News

January 28, 2013

  •    
  •    
  •    
  •      
 
Ted Kobus, national co-leader of the Privacy and Data Protection Team, Baker & Hostetler

Ted Kobus, national co-leader of the Privacy and Data Protection Team, Baker & Hostetler

Your email inboxes have likely been flooded with updates regarding the U.S. Department of Health and Human Services' final rule to strengthen the privacy and security protections of health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The Final Rule, among other things, enhances a patient's privacy protections, provides individuals new rights to access their health information, and strengthens the government's ability to enforce the law. The final rule was released on January 17 and becomes effective March 26, but an organization covered by the act, i.e., a "covered entity" (CE) or "business associate" (BA) will have 180 days beyond the effective date (or September 22, 2013) to come into compliance.

Although many aspects of the breach notification rule originally mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH) remain the same (including the timing of notification to the Department of Health and Human Services (HHS) and the content of the notification), there are significant changes that healthcare organizations and those that do business with them need to consider.

BUSINESS ASSOCIATES

HIPAA refers to vendors who have access to protected health information (PHI) and electronic protected health information (ePHI) as business associates. There are many examples of BAs: lawyers, consultants, medical transcriptionists, benefits managers, etc. The definition of a BA has not changed, but their liability has. BAs are now directly liable for compliance breaches for:

1. Impermissible uses and disclosures.

2. Failure to provide breach notification to the covered entity.

3. Failure to provide access to a copy of electronic protected health information to either covered entity, the individual, or the individual's designee.

4. Failure to disclose PHI where required by the Secretary of HHS to investigate or determine the business associate's compliance with the HIPAA Rules.

5. Failure to provide an accounting of disclosures.

6. Failure to comply with the requirements of the Security Rule.

A browser or device that allows javascript is required to view this content.

Continue reading

  • 1
  • 2
  • 3

Next



Subscribe to Law Technology News

You must be signed in to comment on an article

Find similar content

Companies, agencies mentioned

    
  • CE
  • British Airways PLC
  • Hitech
  • KPMG LLC
  • Office for Civil Rights
  • United States Department of Health and Human Services

Most viewed stories

    
  1. iPad Competition Heats Up
    •      
  2. How to Pick the Best Cloud
    •      
  3. What to Do About High Data Breach Costs
    •      
  4. 7 Cybersecurity, Forensics Tools to Watch
    •      
  5. kCura Releases Relativity 8
    •      
  6. 12-on-12 What to Read When the Heat Arrives
    •      
  7. YesLaw Integrates With LexisNexis CaseMap and TextMap
    •      
  8. 5 Data Breach Risks You Can Prevent
    •      
  9. Discovery on Discovery Demands Cost-Shifting
    •      
  10. Laptops Are So 2007
    •      
lawjobs.com

TOP JOBS

MORE JOBS

POST A JOB

From the Law.com Network

Corporate Cyberattacks Come Out of the Shadows

Minority-Owned Firm Makes Microsoft's Premier List

Proskauer, Former CFO Settle Bias Suit

Global Firms Cope With Istanbul Unrest

D.C. Circuit Nominations a Defining Moment

D.C. Circuit Nominees Widely Respected Within the Bar

iPad Competition Heats Up

Discovery on Discovery Demands Cost-Shifting

The Recorder 25: California Golden Again for Many Firms
  •      
    • Subscription Required

Capital Accounts: Judicial Branch's Brothers Don't See Eye to Eye
  •      
    • Subscription Required

Miami Photographer Sues Pop Star Justin Bieber
  •      
    • Subscription Required

Jeremy Alters Settles With Argentinian Firm For $1 Million
  •      
    • Subscription Required

Court Sets Down Procedure for Discovery in Child Porn Cases
  •      
    • Subscription Required

Fixes Urged for Jury Questions in Complex Medical Malpractice Suits

The Affordable State-Specific Practice Solution
Available in NY, NJ, PA and CT editions - research, draft and prepare even the most complex cases with ease.

NYLJ 100

Circuit Orders Return of Child to Singapore
  •      
    • Subscription Required

Pa. Justices Uphold Mandatory Judicial Retirement

Senate Mulling Bill Aimed at Redefining Child Abuse

Sorry, Charlie, Your Wife Won't Support You

Top Reasons to Take Your Husband's Name

DA Rosemary Lehmberg Faces Second Removal Suit
  •      
    • Subscription Required

Court Upholds Disqualification of Bickel & Brewer
  •      
    • Subscription Required

'Gideon's Army' Rallies Its Troops For Justice

Kia Case To Put New Open Records Act To Test
  •      
    • Subscription Required

Chimp Attack Victim Is Denied $150M State Lawsuit

Auto Body Case May Lead To CUTPA Reassessment
  •      
    • Subscription Required

  • About LTN   |
  • Contact LTN   |
  • Advertise with Us   |
  • Sitemap
  • About |
  • ALM Properties |
  • ALM Reprints |
  • Customer Support |
  • Privacy Policy (updated 6/14/13) |
  • Terms & Conditions |
  • ALM User License Agreement
ALM Media