Health Insurance Portability & Accountability Act (HIPAA)

HIPAA Breach Notification Rule Issued (August 2009)… As required by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of American Recovery and Reinvestment Act of 2009, the U.S. Department of Health and Human Services issued “breach notification” regulations today, August 19, 2009, requiring healthcare providers and other HIPAA covered entities to notify affected individuals following a breach of unsecured protected health information. The HHS interim final regulations are effective 30 days after publication in the Federal Register and include a 60-day public comment period.

Authority and Enforcement to the Office of Civil Rights (July 2009) - HHS delegates HIPAA Security Rule to OCR…HHS delegated authority for the administration and enforcement of the Security Standards for the Protection of Electronic Protected Health Information (Security Rule) to the Office for Civil Rights (OCR).  This action will improve HHS’ ability to protect individuals’ health information by combining the authority for administration and enforcement of the Federal standards for health information privacy and security called for in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The HIPAA Privacy Rule is also administered and enforced by OCR.  For more information, visit U.S. Department of Health & Human Services website.

HIPAA: National Provider Identifier, final rule (Federal Register website - 01/23/04)

• CMS HIPAA UPDATE: Moving Towards Compliance (March, 2003)

Regulatory and Background Information

• HIPAA Privacy Regulations Published an NHPCO Regulatory Alert (08/13/02)
  • A complete copy of the final Privacy Rule as published in the Federal Register
• HIPAA Transaction Rule Deadline Extended (1/7/02)  
• HIPAA Moments - a five part series of Regulatory Alerts focusing on the background and implications of HIPPA, developed by the NHPCO Compliance Workgroup.
• Part 5 - Where to Begin HIPAA Compliance Efforts? (9/26/01)
• Part 4 - What Must Hospices Do To Comply With The HIPAA Privacy Rule? (9/12/01)
• Part 3 - What Does The Privacy Rule Cover & How Is It Coordinated With Existing State Law (9/5/01)
• Part 2 - A General Overview Of The Rule And Penalties For Violations (8/29/01)
• Part 1 - Why Is Everyone Talking About HIPAA And What Does It Mean For Hospices? (8/23/01)
• First Clarification of HIPAA Privacy Rule – an NHPCO Regulatory Alert (7/20/01)
• NHPCO Submits HIPAA Comments to HHS Secretary Tommy G. Thompson (3/30/01)
• HIPAA Final Privacy Regulation Summary (a Hogan & Hartson Health Law Advisory) (12/22/00)