top of page

Changes Proposed to HIPAA Privacy, Security, and Enforcement Rules

The U.S. Department of Health and Human Services ("HHS") issued new proposed rules to modify and strengthen the Health Insurance Portability and Accountability Act (HIPAA) privacy, security, and enforcement rules and implement new requirements for business associates of HIPAA-covered entities. The purpose of the new rules is to implement recent statutory amendments under the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA), to strengthen the privacy and security protection of health information, and to improve the workability and effectiveness of these HIPAA rules.

The compliance date will generally be 180 days after final rules are published, although some provisions may have different compliance dates. The proposed rules would:

  • expand individuals' rights to access their health information and restrict certain types of disclosures of protected health information (PHI) to health plans

  • require business associates of HIPAA-covered entities to be under most of the same rules as covered entities 

  • set new limitations on the use and disclosure of PHI for marketing and fundraising 

  • prohibit the sale of PHI without participant authorization

According to an HHS press release, entities that are not covered by the HIPAA rules will also be examined more closely to understand better how they handle PHI and to determine whether additional privacy and security protections are needed for these entities.

A recently launched HHS privacy website helps visitors easily access information about existing HHS privacy efforts and the policies supporting them.

As new information is issued on health reform, Conner Strong will issue alerts and updates. Should you have any questions, please contact your Conner Strong representative toll-free at 1-877-861-3220.


1 view

Related Posts

See All

Under the Affordable Care Act (ACA), self-insured companies that provide health insurance to their employees and large businesses must submit information returns to the IRS reporting on individual hea

Each year group health plan (GHP) sponsors that provide prescription drug coverage are required to annually disclose to Medicare (Part D) eligible individuals whether the coverage they offer is “credi

The various federal agencies regularly release Affordable Care Act (ACA) and other indexed dollar limits for health and group benefit plans. We have updated the chart below (last published March 2023)

bottom of page