top of page

Changes Proposed to HIPAA Privacy, Security, and Enforcement Rules

The U.S. Department of Health and Human Services ("HHS") issued new proposed rules to modify and strengthen the Health Insurance Portability and Accountability Act (HIPAA) privacy, security, and enforcement rules and implement new requirements for business associates of HIPAA-covered entities. The purpose of the new rules is to implement recent statutory amendments under the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA), to strengthen the privacy and security protection of health information, and to improve the workability and effectiveness of these HIPAA rules.

The compliance date will generally be 180 days after final rules are published, although some provisions may have different compliance dates. The proposed rules would:

  • expand individuals' rights to access their health information and restrict certain types of disclosures of protected health information (PHI) to health plans

  • require business associates of HIPAA-covered entities to be under most of the same rules as covered entities 

  • set new limitations on the use and disclosure of PHI for marketing and fundraising 

  • prohibit the sale of PHI without participant authorization

According to an HHS press release, entities that are not covered by the HIPAA rules will also be examined more closely to understand better how they handle PHI and to determine whether additional privacy and security protections are needed for these entities.

A recently launched HHS privacy website helps visitors easily access information about existing HHS privacy efforts and the policies supporting them.

As new information is issued on health reform, Conner Strong will issue alerts and updates. Should you have any questions, please contact your Conner Strong representative toll-free at 1-877-861-3220.


1 view0 comments

Related Posts

See All

IRS PCORI Fees Due by July 31, 2024

The Patient-Centered Outcomes Research Institute (“PCORI”) fee was established as part of the Affordable Care Act (“ACA”) to fund medical research through the PCORI Institute. Employers and plan spons

Reminder: RxDC Reporting Due June 1, 2024

The Centers for Medicare and Medicaid Services (CMS) is now accepting Prescription Drug Data Collection (RxDC) submissions for “reference year” 2023. Data must be submitted through the RxDC Health Ins


bottom of page