
HHS Issues New HITECH/HIPAA Rule: Top Ten Changes

22 January 2013
In the most significant change to HIPAA since the law was enacted, the Department of Health and Human Services issued an omnibus HIPAA regulation, which will require substantial operational changes for HIPAA covered entities and their business associates. Ten important changes are:

  • Changes to the data breach rule will make more incidents reportable.
  • Business associates are directly liable for HIPAA violations and business associate agreements must be modified.
  • HIPAA enforcement is moving toward a penalty-based system and away from voluntary compliance.
  • Patients have enhanced rights to electronic copies of records and some patient requests for restrictions must be honored.
  • HIPAA notices of privacy practices need to be revised.
  • The marketing rules require individual authorization for subsidized treatment communications.
  • Researchers can obtain permission to use data for future unspecified research.
  • Fundraising provisions expand the permissible use of patient data to target appeals.
  • Privacy Rule protections expire for persons deceased for more than 50 years.
  • Compliance with most of the new requirements will be required on September 23, 2013.

These changes are described more fully in the Hogan Lovells Privacy Alert available HERE.

HL Chronicle of Data Protection

Marcy Wilder
