The New HIPAA Rule Goes into Effect September 23, 2013 – Is Your Company in Compliance?

Share Article

A-lign Security and Compliance Services (“A-lign”) is working with companies to ensure they are compliant with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Health Information Technology for Economic and Clinical Health (“HITECH”) and that they fully understand the changes associated with the new rule which will be in effect today, September 23, 2013.

Gene Geiger

Our team understands HIPAA/HITECH and the safeguards organizations are required to implement to be compliant with the new rule.

“The changes have a significant impact to business associates and subcontractors that handle electronic protected health information,” stated Gene Geiger, Director at A-lign. “Our team understands HIPAA/HITECH and the safeguards organizations are required to implement to be compliant with the new rule.”

In the newly released rule, Subpart A—General Provisions, Section 160.102—Applicability aims to “make clear” that the provision of HIPAA applies to business associates. The new rule defines a business associate as, “… a person who performs functions or activities on behalf of, or certain services for, a covered entity that involve the use or disclosure of protected health information. The Applicability section of the new rule, for the most part, reiterates the HITECH Act regarding business associates, but is meant to combat the notion in the marketplace that business associates are not responsible for implementing the appropriate Safeguards.

The new rule also clarified the use of subcontractors. The rule extends the HIPAA Safeguards from the covered entity, to the business associate and on to organizations that provide services to the business associate. It is clear that the Department of Health and Human Services didn’t want a loophole that would allow business associates to transfer responsibility for ePHI to a third party and thereby remove the HIPAA requirements. If a person or an organization is involved in “the creation, receipt, maintenance, or transmission of protected health information” they are subject to HIPAA, period.

The rule continues the business associate responsibility by stating that the safeguards from HIPAA and HITECH “apply to business associates in the same manner as these requirements apply to covered entities, and that business associates are civilly and criminally liable for violations of these provisions.” The HITECH Act’s provisions extend direct liability for compliance with the Security Rule to business associates.

If you have any questions regarding the HIPAA and HITECH requirements for your organization contact Gene Geiger at Gene.Geiger(at)alignsecurity(dot)com or 888-575-7450.

Also, to learn more about this ruling, click here: http://www.alignsecurity.com/resources/publications/new-hipaa-rules-impact-on-business-associates.aspx.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Susan Dial
A-lign
703-307-0361
Email >
Visit website