ENTtoday
  • Home
  • COVID-19
  • Practice Focus
    • Allergy
    • Facial Plastic/Reconstructive
    • Head and Neck
    • Laryngology
    • Otology/Neurotology
    • Pediatric
    • Rhinology
    • Sleep Medicine
  • Departments
    • Issue Archive
    • TRIO Best Practices
      • Allergy
      • Facial Plastic/Reconstructive
      • Head and Neck
      • Laryngology
      • Otology/Neurotology
      • Pediatric
      • Rhinology
      • Sleep Medicine
    • Career Development
    • Case of the Month
    • Everyday Ethics
    • Health Policy
    • Legal Matters
    • Letter From the Editor
    • Medical Education
    • Online Exclusives
    • Practice Management
    • Resident Focus
    • Rx: Wellness
    • Special Reports
    • Tech Talk
    • Viewpoint
    • What’s Your O.R. Playlist?
  • Literature Reviews
    • Allergy
    • Facial Plastic/Reconstructive
    • Head and Neck
    • Laryngology
    • Otology/Neurotology
    • Pediatric
    • Rhinology
    • Sleep Medicine
  • Events
    • Featured Events
    • TRIO Meetings
  • Contact Us
    • About Us
    • Editorial Board
    • Triological Society
    • Advertising Staff
    • Subscribe
  • Advertise
    • Place an Ad
    • Classifieds
    • Rate Card
  • Search

Department of Health and Human Services’ Final Rule Expands HIPAA Obligations, Violation Penalties

by Steven M. Harris, Esq. • May 1, 2013

  • Tweet
  • Email
Print-Friendly Version

On January 17, 2013, the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) issued an omnibus final rule implementing various provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH Act). The Final Rule revises the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the interim final Breach Notification Rule. This will affect not only physician practices, but also their business associates who have access to protected health information (PHI) and even business associates’ subcontractors. Now is the time to make sure your agreements with business associates comply with these new rules.

You Might Also Like

  • Omnibus Rule Compliance Deadline Imminent
  • HIPAA Expansion: Ensure your practice meets the law’s new provisions
  • Healthcare Providers Must Comply with HIPAA Privacy Practices
  • Avoid Data Breaches, HIPAA Violations When Posting Patients’ Health Information Online
Explore This Issue
May 2013

Background

On February 17, 2009, President Barack Obama signed the American Recovery and Reinvestment Act of 2009 into law, which included the HITECH Act. The HITECH Act expanded the obligations of covered entities and business associates to protect the confidentiality and security of PHI.

Under HIPAA, covered entities may disclose PHI to business associates and permit business associates to create and receive PHI on behalf of the covered entity, subject to the terms of a business associate agreement between the parties. A “covered entity” is defined as a health plan, health care clearinghouse or health care provider (e.g., physician practice or hospital) that transmits health information electronically. In general, the HIPAA regulations have traditionally defined a “business associate” as a person (other than a member of the covered entity’s workforce) or entity who, on behalf of a covered entity, performs a function or activity involving the use or disclosure of PHI, such as the performance of financial, legal, actuarial, accounting, consulting, data aggregation, management, administrative or accreditation services to or for a covered entity.

Prior to the HITECH Act, business associates were contractually obligated under their business associate agreements to maintain the privacy and security of PHI but could not be sanctioned for failing to comply with HIPAA. However, the HITECH Act expanded the obligations and exposure of business associates by:

The HITECH Act strengthens the penalties and enforcement mechanisms under HIPAA.
  1. Applying many of the privacy and security standards to business associates;
  2. Subjecting business associates to the breach notification requirements; and
  3. Imposing civil and criminal penalties on business associates for HIPAA violations.

In addition, the HITECH Act strengthened the penalties and enforcement mechanisms under HIPAA and required periodic audits to ensure that covered entities and business associates are compliant.

Expansion of Breach Notification Requirements

The Final Rule expands the breach notification obligations of covered entities and business associates by revising the definition of “breach” and the risk assessment process for determining whether notification will be required. Under the Final Rule, a use or disclosure of unsecured PHI that is not permitted under the Privacy Rule is presumed to be a breach (and therefore requires notification to the individual, OCR and possibly the media) unless the incident satisfies an exception* or the covered entity or business associate demonstrates a low probability that PHI has been compromised. This risk analysis is based on at least the following four factors:

Pages: 1 2 3 | Single Page

Filed Under: Departments, Legal Matters Tagged With: HIPAA, legalIssue: May 2013

You Might Also Like:

  • Omnibus Rule Compliance Deadline Imminent
  • HIPAA Expansion: Ensure your practice meets the law’s new provisions
  • Healthcare Providers Must Comply with HIPAA Privacy Practices
  • Avoid Data Breaches, HIPAA Violations When Posting Patients’ Health Information Online

The Triological SocietyENTtoday is a publication of The Triological Society.

The Laryngoscope
Ensure you have all the latest research at your fingertips; Subscribe to The Laryngoscope today!

Laryngoscope Investigative Otolaryngology
Open access journal in otolaryngology – head and neck surgery is currently accepting submissions.

Classifieds

View the classified ads »

TRIO Best Practices

View the TRIO Best Practices »

Top Articles for Residents

  • Do Training Programs Give Otolaryngology Residents the Necessary Tools to Do Productive Research?
  • Why More MDs, Medical Residents Are Choosing to Pursue Additional Academic Degrees
  • What Physicians Need to Know about Investing Before Hiring a Financial Advisor
  • Tips to Help You Regain Your Sense of Self
  • Should USMLE Step 1 Change from Numeric Score to Pass/Fail?
  • Popular this Week
  • Most Popular
  • Most Recent
    • The Dramatic Rise in Tongue Tie and Lip Tie Treatment
    • Vertigo in the Elderly: What Does It Mean?
    • Experts Delve into Treatment Options for Laryngopharyngeal Reflux
    • Weaning Patients Off of PPIs
    • Some Laryngopharyngeal Reflux Resists PPI Treatment
    • Vertigo in the Elderly: What Does It Mean?
    • New Developments in the Management of Eustachian Tube Dysfunction
    • Some Laryngopharyngeal Reflux Resists PPI Treatment
    • Eustachian Tuboplasty: A Potential New Option for Chronic Tube Dysfunction and Patulous Disease
    • The Dramatic Rise in Tongue Tie and Lip Tie Treatment
    • Did You Receive COVID-19 Relief? Here Are Reporting Considerations for 2021
    • Otolaryngology Experts Share Best Practices in Five Areas
    • How Climate Change May Be Affecting Sleep Patterns for Adults and Children
    • Laryngologists Discuss Tough Tracheostomy Choices During COVID-19 Era
    • Head and Neck Cancer: Experts Discuss How to Improve Surgery Quality and Value

Polls

Did you receive funding from the CARES Act or Paycheck Protection Program?

View Results

Loading ... Loading ...
  • Polls Archive
  • Home
  • Contact Us
  • Advertise
  • Privacy Policy
  • Terms of Use

Visit: The Triological Society • The Laryngoscope • Laryngoscope Investigative Otolaryngology

Wiley
© 2021 The Triological Society. All Rights Reserved.
ISSN 1559-4939

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
This site uses cookies: Find out more.