Advertisement

July 13, 2014

HIPAA Rules... Finally!

The below is client alert from our fellow Womble attorney Jill M. Girardeau that I wanted to share with you.

On Thursday, the Office for Civil Rights of the U.S. Department of Health and Human Services released a final rule containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (the "Final Rule"). The Final Rule will be published in the Federal Register on January 25, 2013. We are conducting a thorough review of the Final Rule and will provide a comprehensive summary once our review is complete. In the meantime, we thought the following information may be helpful to you.

  • The Final Rule is effective on March 26, 2013, and Covered Entities and Business Associates must comply with the Final Rule by September 23, 2013.

  • The Breach Notification Rule has been modified. Until now, an impermissible use or disclosure of Protected Health Information ("PHI") was a Breach only if there was a significant risk of harm. Now, an impermissible use or disclosure of PHI is presumed to be a Breach unless the Covered Entity or Business Associate can demonstrate that there is a low probability that the PHI has been compromised.

  • A subcontractor of a Business Associate that creates, receives, maintains, or transmits PHI on behalf of the Business Associate is now itself a Business Associate. As a result, these subcontractors are subject to the HIPAA provisions applicable to Business Associates.

  • A Covered Entity and a Business Associate (and a Business Associate and its subcontractor) may continue to operate under an existing Business Associate Agreement ("BAA") for a certain amount of time if (1) prior to January 25, 2013, the BAA complied with then-current HIPAA rules and (2) the BAA is not renewed or modified from March 26, 2013 until September 23, 2013. If these conditions are met, the parties can operate under the existing BAA until the earlier of (1) the date the BAA is renewed or modified on or after September 23, 2013 or (2) September 22, 2014.

  • The Final Rule takes a different approach to marketing than the proposed rules from 2010. In short, individual authorization is required for all treatment and health care operations communications if the Covered Entity receives financial remuneration from a third party whose product or service is marketed in the communications.

Stay tuned for a more in-depth analysis of the Final Rule.

Copyright © 2014 Womble Carlyle Sandridge & Rice, PLLC. All Rights Reserved.

About the Author

Gary T McDermott, Womble Carlyle Law Firm, transactional attorney
Attorney

Gary is a transactional attorney with a broad-based practice, including helping developers and property owners complete commercial real estate deals, assisting financial institutions in resolving lending disputes, aiding clients in general corporate matters and asset transactions, and serving as a trusted legal advisor to non-profit organizations.

Gary’s real estate practice involves both commercial and residential development, including condominiums, shopping centers, mixed-use developments, residential subdivisions, medical office buildings and industrial parks. Gary...

704-331-4963

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 4700 Gilbert Ave. Suite 47 #230 Western Springs, IL 60558  Telephone  (708) 357-3317 If you would ike to contact us via email please click here.