Regulatory: Compliance deadline for new HIPAA rules is rapidly approaching

A compliance checklist for business associaties and covered entities

On Jan. 17, the Department of Health and Human Services (HHS) released its long-awaited, final Health Insurance Portability and Accountability Act (HIPAA) rule, which significantly expands certain HIPAA obligations for covered entities and their business associates. HIPAA is the federal statute that governs the confidentiality and protection of a patient's protected health information.

The final rule, which was published in the Federal Register on Jan. 25, expands HIPAA obligations for business associates and their subcontractors, revises the requirements regarding the use and disclosure of patient information, expands patient rights, clarifies the content of the Notice of Privacy Practices to be provided by health care providers, modifies the breach notification requirements, and expands enforcement provisions and penalties. Covered entities and business associates have until Sept. 23 (and in limited circumstances with respect to amending business associate agreements, until Sept. 23, 2014) to achieve compliance with the new provisions contained in the final rule.

Contributing Author

author image

Kelli Fleming

Kelli Fleming is a partner with Burr & Forman LLP (Birmingham, Ala.). She represents health care clients, including hospitals, surgery centers, physician practices, diagnostic centers...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.