The US Department of Health and Human Services (HHS) has announced updates to HIPAA, the Health Insurance Portability and Accountability Act, that bring patient privacy rights and safeguards up to the standards and requirements needed for the digital age.
Although several changes were implemented in the revision, the biggest change in the update is the expansion of requirements beyond health care providers, health plants and entities that work with health insurance claims to also include business associates such as contractors and subcontractors that perform services on behalf of health care providers. The amended HIPAA rules formalize many of the changes made in the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act).
A summary of changes to HIPAA include:
The final omnibus rule enhances patient privacy protections, provides individuals new rights to their health information, and strengthens the government's ability to enforce the law. The new rules take effect on March 26th, 2013 for health care providers and September 23, 2013 for business associates.