On January 17, 2013, the United States Department of Health and Human Services (HHS) announced final regulations that require various changes to the already existing privacy, security and breach notification standards to the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires employer health plans to maintain stringent privacy policies with regards to individuals’ protected health information (PHI), except under certain situations. The new rules make several changes including expanding a patient’s privacy protections, gives individuals new rights to obtain their health records and PHI, and allows the government more enforceability of the law. Also new to this law are the expanded requirements of business partners and associates to maintain privacy for individuals as well as increased penalties for failing to do so.
This lengthy 563 page final rule is expected to be published on January 25, until then you may view the pre-published version here