HHS Issues New HITECH/HIPAA Rule: Top Ten Changes

• Changes to the data breach rule will make more incidents reportable.
• Business associates are directly liable for HIPAA violations and business associate agreements must be modified.
• HIPAA enforcement is moving toward a penalty-based system and away from voluntary compliance.
• Patients have enhanced rights to electronic copies of records and some patient requests for restrictions must be honored.
• HIPAA notices of privacy practices need to be revised.
• The marketing rules require individual authorization for subsidized treatment communications.
• Researchers can obtain permission to use data for future unspecified research.
• Fundraising provisions expand the permissible use of patient data to target appeals.
• Privacy Rule protections expire for persons deceased for more than 50 years.
• Compliance with most of the new requirements will be required on September 23, 2013.

These changes are described more fully in the Hogan Lovells Privacy Alert available HERE.