Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


New HIPAA rule expands patient privacy regulations

Companies must now disclose information breaches that are likely to compromise patient information

The U.S. Department of Health and Human Services (HHS) on Thursday announced “sweeping” updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which are designed to strengthen patient privacy protections.

The final omnibus rule includes a measure that would extend the privacy rules to contractors and subcontractors of healthcare providers, healthcare plans and other organizations that process health insurance claims. Previously, the law applied only to the healthcare providers and healthcare plans themselves.

The new regulations also raise the disclosure standard for companies that fall victim to information breaches. Previously, companies had to report only those breaches that involved a significant risk of monetary, reputational or other harm to the patient. Under the new rule, organizations must notify the government and patients in the event that any health information is likely compromised.

“Much has changed in health care since HIPAA was enacted over 15 years ago,” HHS Secretary Kathleen Sebelius said in a statement. “The new rule will help protect patient privacy and safeguard patients’ health information in an ever-expanding digital age.”

On an individual level, the law allows patients to request their medical records in electronic form. It also limits how organizations can use personal healthcare information for marketing and fundraising, and prohibits the sale of patients’ information without their permission.

Read more at Thomson Reuters.

For more InsideCounsel coverage of the healthcare industry, see:

Lawyer suspended for two years for pretending to be a doctor

Court tosses hospital’s challenge to NLRB Health Care Rule

Feds charge 91 people in $430 million Medicare fraud

Employers’ health care coverage for transgender employees increasing

Cheat Sheet: What employers need to know about the Affordable Care Act

Alanna Byrne

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.