HIPAA.com

HIPAA Final Rule: Genetic Information Nondiscrimination Act (GINA) Definitions

February 15, 2013. Today, we present several new definitions relating to the Genetic Information Nondiscrimination Act (GINA), which addressed the application of the HIPAA Privacy Rule to genetic information. The definitions are in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. The Final Rule states: …

Ed JonesGINA, Health IT and HITECH, HIPAA Law, Privacybusiness associate, compliance date, contributions, covered entity, definition, effective date, eligibility, employment, family member, FERPA, Final rule, genetic information, Genetic Information Nondiscrimination Act, genetic services, genetic testing, GINA, group coverage, health coverage, health information. enforcement rule, HIPAA PRIVACY RULE, HIPAAA Final Rule, HMO, immunization records, manifestation, manifested, March 26 2013, Medigap, nondiscrimination, premiums, privacy protections, Secretary of HHS, September 23 2013, Title I, Title II, underwritingLeave a comment

HIPAA Final Rule: Modification of Business Associate Definition, Part (6)–Exceptions

February 14, 2013. Today, we finish examining the business associate definition, focusing on exceptions, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Paragraph (4) of the modified definition outlines 4 exceptions (45 CFR 160.103, Definitions, as shown at 78 Federal Register 5688):…

Ed JonesHealth IT and HITECH, HIPAA Law, Privacy, Securityactivity, authorized by law, business associate, business associate contract, compliance date, covered entity, definition, Disclosure, effective date, eligibility, Enforcement, enrollment, entity, exceptions, Federal Register, function, government agency, government health plan, group health plan, Health Care Provider, health insurance issuer, HIPAA Final Rule, HIPAA rules, HMO, Individually Identifiable Health Information, March 26 2013, modification, organized health care arrangement, person, plan sponsor, protected health information, public benefits, September 23 2013, Subcontractor, TreatmentLeave a comment

HIPAA Final Rule: Modification of Business Associate Definition, Part (5)–Subcontractors

February 13, 2013. Today, we finish examining (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the last of three parts of this paragraph: “(3) Business associate includes: (iii) A subcontractor that…

Ed JonesHealth IT and HITECH, HIPAA Law, Privacy, Securityactivity, business associate, business associate contract, CFR, compliance date, conduit, creates, definition, delegation, discovered breach, down the chain, effective date, Federal Register, function, health care functions, hierarchy of subcontractors, HIPAA Final Rule, HIPAA Security Rule, implementation specification, maintains, March 26 2013, modification, Organizational Requirements, other arrangements, person, protected health information, reasonable and appropriate safeguard, receives, satisfactory assurances, September 23 2013, service, Subcontractor, transmission services, transmits, workforceLeave a comment

HIPAA Final Rule: Modification of Business Associate Definition, Part (4)–Personal Health Record Vendor

February 12, 2013. Today, we examine the role of the personal health record vendor in paragraph (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the second of three parts of this…

Ed JonesAmerican Recovery and Reinvestment Act, Health IT and HITECH, HIPAA Law, Privacy, Securityaccess, behalf of covered entities, business associate, compliance date, conduit, covered entity, data transmission services, definition, effective date, electronic health record, electronic means, enrollee, guidance, HIPAA, HIPAA Final Rule, HITECH Act, interoperability, March 26 2013, modification, patient, personal health record, personal health record vendor, September 23 2013, Subcontractor, written authorizationLeave a comment

HIPAA Final Rule: Modification of Business Associate Definition, Part (3)

February 11, 2013. Today, we start to examine (3)—the third paragraph of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the first of three parts of this paragraph, (i), which is the subject of today’s…

Ed JonesAmerican Recovery and Reinvestment Act, Health IT and HITECH, HIPAA Law, Privacy, Securityaccess, access on a routine basis, business associate, compliance date, conduit, covered entity, creates, data storage, data transmission services, definition, digital, E-prescribing Gateway, effective date, electronic health information exchange, Federal Register, Final rule, guidance, hard copy, health information organization, HIPAA, HITECH Act, infrequent basis, maintains, March 26 2013, modification, person, personal health record vendor, protected health information, random access, receives, required by law, routine basis, September 23 2013, temporary storage, transient versus persistent, transmission, transmits, transmitted dataLeave a comment

HIPAA Final Rule: Modification of Business Associate Definition, Parts (1) & (2)

February 8, 2013. Today, we examine (1) and (2)—the first two parts of four—of the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. As with its predecessor, the modified definition of business associate refers to “business associate means, with…

Ed JonesHealth IT and HITECH, HIPAA Law, Privacy, Security42 CFR 3.20, 45 CFR 160.103, accounting, accreditation, activity, actuarial, benefit management, billing, business associate, claims administration, claims processing, consulting, covered entity, creates, data aggregation, data analysis, definition, Disclosure, financial services, function, HIPAA Final Rule, HIPAA rules, Individually Identifiable Health Information, legal, maintains, Modifications, organized health care arrangement, patient safety activities, Patient Safety Organization, Patient Safety Rule, person, practice management, protected health information, PSQIA, quality assurance, receives, repricing, subchapter, transmits, utilization review, workforce memberLeave a comment

HIPAA Final Rule: Business Associate Definition

February 7, 2013. Today, we provide the business associate definition, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Business Associate: Definition (78 Federal Register 5688)– “(1) Except as provided in paragraph (4) of this definition, business associate means, with respect to a…

Ed JonesHealth IT and HITECH, HIPAA Law, Privacy, SecurityBreach Notification, business associate, business associate definition, compliance date, covered entity, creates, Disclosure, E-presribing Gateway, effective date, Enforcement, Federal Register, Genetic Information Nondiscrimination Act, Health Care Provider, health information organization, HIPAA Final Rule, HITECH Act, January 25 2013, March 26 2013, Modifications, organized health care arrangement, patient safety, plan sponsor, Privacy, protected health information, publication date, receives, Security, September 23 2013, Subcontractor, transmits, workforceLeave a comment

HIPAA Final Rule: Modified Rule for Business Associates and Subcontractors

February 6, 2013. Today, we cover the business associate Administrative Safeguard (b) of the Security Rule, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. HIPAA did not directly regulate business associates of covered entities. The HITECH Act’s 13401 statutorily changed that: The…

Ed JonesAmerican Recovery and Reinvestment Act, Enforcement, Health IT and HITECH, HIPAA Law, SecurityAdministrative Safeguard, availability, business associate, business associate agreement, compliance date, confidentiality, covered entity, create, DEPARTMENT OF HEALTH AND HUMAN SERVICES, documentation, effective date, electronic protected health information, guidance, HHS, HIPAA Final Rule, implementation specification, integrity, January 25 2013, maintain, March 26 2013, notifications, OCR, Office for Civil Rights, other arrangement, physical safeguard, policies and procedures, reasonable and appropriate, receive, Security Rule, September 23 2013, Subcontractor, Technical Safeguard, transmit, written contractLeave a comment

HIPAA Final Rule: Security Standards, General Rules & Administrative Safeguard Modifications

February 5, 2013. Today, we cover the modifications to Security Standards: General Rules, and Administrative Safeguards in the HIPAA Security Rule, as modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Security Standards: General Rules. The five General Rules govern how the administrative, physical,…

Ed JonesAmerican Recovery and Reinvestment Act, Health IT and HITECH, HIPAA Law, SecurityAccess Establishment and Modification, addressable, administrative safeguards, alternative measure, availability, business associate, business associate contracts and other arrangements, compliance date, confidentiality, covered entity, documentation, effective date, electronic protected health information, equipped, flexibility of approach, general requirements, General Rules, Genetic Information Nondiscrimination Act, HIPAA Privacy, HIPAA Security Rule, HITECH Act, implementation specifications, integrity, January 25 2013, maintenance, March 26 2013, Modifications, other arrangement, physical safeguards, policies and procedures, potential risks, reasonable and appropriate, Response and Reporting, Risk Analysis, sanction policy, Security Standards, September 23 2013, Standards, technical safeguards, termination procedures, workforce, workforce securityLeave a comment

Final HIPAA Rule: Security Statutory Authority and Direct Regulation of Business Associates

February 4, 2013. Today, we cover the security safeguards of the HIPAA Security Rule, as Modified by the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. The statutory authority for applicability of the HIPAA Security Rule is in Section 13401 of the HITECH Act (123 STAT….

Ed JonesAmerican Recovery and Reinvestment Act, Enforcement, Health IT and HITECH, HIPAA Law, Privacy, SecurityAdministrative Safeguard, Breach Notification, business associate, business associate agreement, business associate contract, civil and criminal penalties, compliance date, control access, covered entity, direct regulation, effective date, electronic information systems, electronic protected health information, Final HIPAA Rule, General Rules, genetic information, GINA, HIPAA enforcement, HIPAA Privacy, HIPAA security, HITECH Act, January 25 2013, March 26 2013, Modifications, natural and environmental hazards, other arrangement, physical safeguard, related buildings and equipment, security provision, Security Standards, security statutory authority, September 23 2013, Social Security Act, statutory language, Technical Safeguard, unauthorized intrusion, violation, workforceLeave a comment