A key role at HITECH Answers is to monitor breaking news and information on the subject matters we cover. The Health Insurance Portability and Accountability Act (HIPAA) is one such topic. More specifically, we keep our readers and members up to date on the timelines and release of regulations impacting HIPAA as it relates to the HITECH Actwell as look for interesting articles and information on security of electronic patient records.
Here’s is a brief timeline of the significant events impacting HIPAA in the last 9 months:
August 24, 2009
Under the HITECH Act, the following Interim Final Rule (IFR) for breach notifications is issued:
For breaches under 500 records:
- Must notify people within 60 days of breach
- Keep a log and send to Department of Health and Human Services every year
For breaches over 500 records:
- Must notify people within 60 days of breach
- Must notify major media outlet, Department of Health and Human Services, setup hotline
September 23, 2009
IFR went into effect for both Covered Entities and Business Associates.
February 18, 2010
Enforcement of IFR began for both Covered Entities and Business Associates.
June 14, 2010
The Departments of Health and Human Services (HHS), Labor (DOL), and Treasury released an interim final rule (IFR) explaining how the grandfather rules for PPACA’s insurance market reforms work.
July 8, 2010
The Department of Health and Human Services releases NPRM on Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the HITECH Act.
So, what does this mean to you if you’re a covered entity or business associate? It means now, more than ever, it’s important to be proactive in understanding new regulations as well as keeping up-to-date on HIPAA happenings through various resources. Recent penalties and fines imposed in California and Connecticut are just a start, as is the HHS “wall of shame.”
Listed below are some resources we suggest you follow to keep-up-to-date on HIPAA:
Information Law Group. This informative site recently published a two-part FAQ on the proposed modifications to HIPAA. The site overall is a great resource. Here are the links to the two-part FAQ:
FAQ on the Proposed Modifications to the HIPAA Rules: Part One
FAQ on the Proposed Modifications to the HIPAA Rules: Part Two
Association of Corporate Counsel /Lexology. This is a site for business lawyers but they do a great job of putting complex legal issues into laymen’s terms in their article posts. You must register to access their article archives but it is free. Here is the link to their most recent article:
Understanding HIPAA: including print and copy machines in your business’s compliance plan
HIPAA Compliance Journal. A really good “just the facts ma’am” blog, HIPAA Compliance Journal covers HIPAA from just about every angle.
Google e-mail alert. Interested in getting breaking news on HIPAA breaches, violations and penalties? We suggest setting up a Google e-mail alert. Create an e-mail alert with HIPAA as one of your search terms. You’ll be e-mailed results from news and the blogosphere as often as you’d like.