HIPAA Alert: Employers Should Update Their Policies in Light of Recent Amendments
Tuesday, November 24, 2009
Print Mail Download i

If your business handles patient or employee medical information, then you need to update your policies and procedures to ensure compliance with recent amendments to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Employers that handle medical information about patients as part of their business, self-insure health insurance plans for their employees, or sponsor a health insurance plan for their employees (but do not use an insurer or third-party administrator to process health insurance claims) are all considered "covered entities" under HIPAA. Any companies that receive medical information about patients from other parties are considered "business associates."

Previously, HIPAA's strict confidentiality and computer security requirements applied only to covered entities, which had to enter into so-called "business associate agreements" with any other company to which they disclosed patient or employee health information. These third parties, or business associates, promised the covered entity that they would keep the patient information confidential, but were not directly subject to HIPAA's regulations or penalties.

That has all changed under the recent HIPAA amendments.

Effective in February 2010, HIPAA's security requirements and financial penalties apply directly to both business associates and covered entities. As a result, business associates must now comply with HIPAA's strict confidentiality and computer security requirements. Violators are subject to government-imposed fines of up to $1.5 million if the violations are willful and continue for more than 30 days.

The HIPAA amendments also:

  • Allow state attorneys general to bring HIPAA enforcement actions. Previously, only the federal government could bring such actions.
  • Provide financial rewards to whistleblowers who report HIPAA violations to federal or states governments. This financial incentive puts all covered entities and business associates at far greater risk.
  • Require employers that discover a HIPAA violation to affirmatively disclose that violation to the government and, if it affects 500 or more people, to the media.

In light of these important changes, all covered entities and business associates should review their HIPAA policies, procedures and agreements in advance of the February 2010 effective date to help ensure that they comply with the new amendments.

© 2024 Much Shelist, P.C.

Current Legal Analysis

More from Much Shelist, P.C.

Signs of Financial Distress in Sectors of Construction Market
by: Josh Leavitt , Scott R. Fradin
Litigation Funding Series: Litigation Q&A and Special Considerations for Distressed Fundees
by: Jonathan Friedland , Jeremy T. Waitzman
FTC Announces Revised Hart-Scott-Rodino Thresholds for 2024
by: David M. Pilotto
Litigation Funding Series: Transactional Q&A
by: Jonathan Friedland , Jeremy T. Waitzman
Litigation Funding Series: Types of Commercial Litigation Funding and Role of Insurance in CLF
by: Jonathan Friedland , Jeremy T. Waitzman
California’s Housing Overhaul Brings Significant Changes for Landlords and Tenants in 2024
by: Laya Dogmetchi
Litigation Funding Series: CLF vs. Secured Lending and CLF vs. Consumer Litigation Finance
by: Jonathan Friedland , Jeremy T. Waitzman
Litigation Funding Series: Introduction and History
by: Jonathan Friedland , Jeremy T. Waitzman
2023 Year-End Estate Planning Update: Time to Act Now
by: Gregg M. Simon , Priya Thennarasu
Cook County Enacts New Paid Leave Ordinance
by: Matthew J. Feery , Sheryl Jaffee Halpern

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins