HIPAA Final Rule: Modification of Business Associate Definition, Part (4)–Personal Health Record Vendor

February 12, 2013.  Today, we examine the role of the personal health record vendor in paragraph (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the second of three parts of this…

READ MORE

OMB Completes Review of HIPAA/HITECH Act Privacy, Security, Enforcement Rule Modifications NPRM

On July 1, 2010, the Office of Management and Budget (OMB) completed review of the Notice of Proposed Rulemaking (NPRM) entitled: Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act](RIN:  0991-AB57).  The NPRM was received at OMB for review on April 12, 2010.  It likely will be published in the Federal Register imminently. Legal authority for the NPRM is in Sections 13400 to 13410 of Subtitle D (Privacy) of the HITECH Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009 (Public Law 111-5), enacted on February 17, 2009. Those sections cover:…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 14

From now through December, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

What’s In Your Personal Health Record?

The 800-pound gorilla at the center of health information transformation is the patient. This sleeping giant is slowly emerging from hibernation, and watch out when it wakes up. Folded into ARRA’s HITECH Act are provisions that require health care providers to “Provide patients and families with access to data, knowledge, and tools to make informed decisions and to manage their health.” If you are a caregiver, or manage a chronic disease, this policy will have a profound effect on you. While my sister and brother battled terminal aggressive cancers, it was their caregiver who carried the pharmacological list of medications, nutritional supplements, allergies, adverse reactions, near fatal overdoses, sleep patterns,…

READ MORE

HITECH Privacy Provisions Include HIPAA Privacy Definitions and New or Broadened Concepts

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of Vendor of Personal Health Records

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of Use

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of Treatment

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of State

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE

The Definition of Security

This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards. HIPAA Privacy Definitions: BreachBusiness AssociateCovered EntityDisclosureElectronic Health RecordHealth Care Operations Health Care ProviderHealth PlanNational CoordinatorPaymentPersonal Health RecordProtected Health Information SecretarySecurityStateTreatmentUseVendor Of Personal Health…

READ MORE