Jump to Navigation

New HIPAA/HITECH Regulations for Health Care Providers

On January 17, 2013, the Department of Health and Human Services ("HHS"), Office of Civil Rights issued its final rule modifying the HIPAA Privacy, Security, Enforcement and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act ("HITECH").  

HHS modified the definition of what constitutes a "breach" for purposes of the breach notification requirement. Previously, a "breach" had been defined as the "acquisition, access, use or disclosure" of protected health information ("PHI") in violation of the Privacy Rule that "compromises the security or privacy" of the PHI. The phrase "compromises the security or privacy" of the PHI meant that the acquisition, access, use or disclosure posed a "significant risk of financial, reputational, or other harm to the individual." Under the new final rule, HHS revised the definition of a breach to state that a breach is presumed to have occurred, unless the covered entity (or business associate) demonstrates that there is a low probability that PHI has been compromised based on a series of specific factors.  In other words, the final rule makes it clear that notification is required for breaches, even if there is no "harm" to the individual.

HITECH made many of the HIPAA privacy and security requirements applicable directly to business associates. The final rule clarifies the manner in which some of HITECH's provisions will be applied.  Finally, the final rule expanded individual rights, including, for example, an individual's right to receive electronic copies of his or her PHI.

The final rule becomes effective on March 26, 2013 and compliance is required by September 23, 2013.

If you have any questions about the final rule or need assistance with reviewing or revising your HIPAA policies and forms to ensure compliance with the final rule, please contact David C. Marshall at 717-620-2424.

No Comments

Leave a comment
Comment Information

Contact Us

Bold labels are required.

Contact Information

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.


Privacy Policy

subscribe to this blog’s feed FindLaw Network


Latsha Davis & Marshall P.C.
1700 Bent Creek Boulevard, Suite 140
Mechanicsburg, PA 17050

Phone: 717-620-2424
Fax: 717-620-2444
Mechanicsburg Law Office Map

In Maryland call:
Phone: 410-727-2810