HIPAA Regulations

(September 30, 2013) - The Department of Health and Human Services (HHS) published amended rules applicable to the Health Insurance Portability and Accountability Act (HIPAA) of 1996 in January 2013. As explained by the Secretary of HHS, healthcare has experienced significant changes since HIPAA was enacted in 1996. The implementation of electronic medical records is just one of those changes. The new HIPAA regulations are designed to provide patients with better privacy protection, and additional rights not included in the original HIPAA rules. The new rules became effective on Sept. 23, 2013.

The HIPAA regulation changes include new patient rights. Patients now have a right to request electronic copies of their records if their health care …

Consequently, the new HIPAA regulations also include significantly increased requirements for business associates and the subcontractors of those business associates. A subcontractor is any entity that does not have a direct contractual relationship with a covered entity, but still receives, maintains, transmits or creates protected health information as part of its work for a business associate of a covered entity. Under the new regulations, subcontractors are included in the definition of "business associate" and are also subject to the same criminal and civil sanctions applicable to covered entities and business associates for violations of HIPAA.

The new HIPAA regulations also require each covered entity to take action to cure a breach or end a HIPAA violation by its business associate if the covered entity knows of a pattern or practice of its business associate that violates HIPAA. Covered entities will need to take a more active role in monitoring the activities of their business associates to cure breaches and end HIPAA …

Now there are four categories of violations based upon the level of culpability involved in the breach. There are corresponding penalties for each category of violation with significantly increased minimum penalties. The maximum penalty amount is $1.5 million annually. As we have discussed in previous posts, the actual cost of violating HIPAA includes numerous other costs in addition to the penalty imposed by HHS. Those other costs include investigation costs, notice to patients, and the purchase of identity protection coverage for the affected