On January 17, 2013, the Department of Health and Human Services (HHS) posted Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules [PDF] (the Final Rule) under the authority of the HITECH Act and the Genetic Information Nondiscrimination Act (GINA), as well as under the general authority of HHS. The Final Rule, scheduled to be published in the Federal Register on January 25, 2013, will be effective on March 26, 2013. Thankfully, however, in general covered entities and business associates will have an additional six months, until September 23, 2013, to come into compliance. The Final Rule does not address the Proposed Rule on Accounting for Disclosures [PDF], published May 31, 2011.
This client alert provides an overview of the principal changes in the Final Rule. Look for a complete Ober|Kaler review and analysis of the Final Rule in the coming days.