New Rule Protects Patient Privacy, Secures Health Information
January 28, 2013
The U.S. Department of Health and Human Services (HHS) moved forward to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The changes in the final rulemaking provide the public with increased protection and control of personal health information. The HIPAA Privacy and Security Rules have focused on health care providers, health plans and other entities that process health insurance claims. The rule, released Jan. 17, is effective March 26, but covered entities and business associates won’t have to comply until Sept. 23.
The long-awaited HIPAA omnibus rule:
- replaces the breach notification rule’s harm threshold with “a more objective standard.”
- holds business associates liable for certain HIPAA requirements.
- allows patients to receive electronic copies of their health information.
- requires changes to the notice of privacy practices.
- limits the use and disclosure of protected health information for marketing and fundraising.
- prohibits most health plans from using or disclosing genetic information for underwriting purposes, as required by the Genetic Information Nondiscrimination Act.
- adopts increased and tiered civil monetary penalties of up to $1.5 million per violation.