HIPAA Compliance

New HIPAA/HITECH Act Rules Require Compliance in February

February 3, 2010 Health IT and HITECH

Three new HIPAA/HITECH Act rules go into effect this month:

Two weeks from today, on Wednesday, February 17, 2010, Business Associates of Covered Entities must comply with the HIPAA Security Rule. For the first time, Business Associates will be regulated by the federal government. Section 13401 of Subtitle D (Privacy) of the HITECH Act (42 USC 17931) states that “[t]he additional requirements of this title that relate to security and that are made applicable with respect to Covered Entities shall also be applicable to such a Business Associate and shall be incorporated into the business associate agreement between the business associate and the covered entity.” [Public Law 111-5, p. 260] In addition, penalties that apply to Covered Entities also will apply to Business Associates for noncompliance with the provisions of the Security Rule.

The next day, Thursday, February 18, 2010, a new restriction on disclosure of protected health information goes into effect that impacts Covered Entity health care providers.  According to Section 13405 of Subtitle D of the HITECH Act (42 USC 17935), a health care provider must honor a patient request to restrict disclosure of protected health information to a health plan for purposes other than carrying out treatment (namely, payment or health care operations) if the patient pays the health care provider out of pocket in full.

Finally, on Monday, February 22, 2010, enforcement of the Breach Notification Rule goes into effect for “failure to provide the required notifications for breaches” of unsecured protected health information discovered on or after the February 22 date.  [74 Federal Register 42757, August 24, 2009].  The Breach Notification Rule applies to Covered Entities and Business Associates, provides obligations for each regarding compilation and reporting of information pertaining to a breach by either party, and requires “incorporation [of those obligations] into the Business Associate Agreement between the Business Associate and the Covered Entity.” [42 USC 17934] [02/03/2010]
