October 22, 2019

October 21, 2019


Tick, Tock: Less than 60 Days to Comply with Updated Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health (HITECH) Rules

There are now less than 60 days left for covered entities and business associates to implement provisions set forth in the final omnibus HIPAA/HITECH rules issued by the U.S. Department of Health and Human Services (HHS) in January 2013. Preparation will require updating applicable policies, procedures, and training by September 23, 2013. Business associate agreements (BAAs) entered into on or after January 25, 2013 must also be updated by September 23, 2013. Given increased enforcement activity and breach risk, many covered entities are updating BAAs executed before January 25, 2013 now, prior to the later deadline of September 22, 2014. In addition, all of the Security Rule and most of the Privacy Rule will now apply directly to business associates, requiring them to implement appropriate administrative and security safeguards. Those same requirements must also be applied to subcontractors.

Among the most impactful of the changes was HHS’s decision to lower the standard for breach notification by eliminating the “harm threshold”. Now, rather than weighing the potential harm to the individual to determine if notification is required, there will be a presumption of breach unless one of the three narrow exceptions to the rules applies or the covered entity completes the required risk assessment to demonstrate a “low probability” of risk that the information was actually compromised. The result of this lowered standard will be an increase in breach notifications, so covered entities should scrutinize applicable terms in their BAAs, update their incident response procedures, and consider appropriate insurance to address potential costs.

© 2019 Poyner Spruill LLP. All rights reserved.

