New HIPAA rules issued
Washington—The Association is reviewing an omnibus final rule issued Jan. 17, 2013 by the Department of Health and Human Services to extend patient privacy and security protections under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The HIPAA rule is effective March 26, and covered entities, including covered dental practices, will have an additional 180 days, or until Sept. 23, to comply with applicable requirements. The regulations:
- Enhance HIPAA enforcement;
- expand many HIPAA requirements to "business associates" such as contractors and subcontractors that receive protected health information;
- expand individuals' rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the provider has been paid out of pocket in full;
- modify rules that apply to marketing and fundraising communications and the sale of protected health information;
- expand the definition of "health information" to include genetic information, and
- clarify when data breaches must be reported to the HHS Office for Civil Rights.
"Much has changed in health care since HIPAA was enacted over fifteen years ago," HHS Secretary Kathleen Sebelius said in a news release. "The new rule will help protect patient privacy and safeguard patients' health information in an ever expanding digital age."
The final rule was published in the Jan. 25 Federal Register, the digest of government regulatory activity.