HIPAA Megarule Special Edition Part 1
With the recent publication of the HIPAA Megarule, the ABA eSource Editorial Board, in conjunction with the Section's eHealth, Privacy & Security Interest Group, is publishing two Special Editions within the coming weeks focused on the Rule's implications.
In addition, the HITECH Task Force is seeking to identify volunteers with the time and willingness to help deliver articles, sample forms and podcasts covering various aspects of the Megarule. Many members have already contributed to development of some of these deliverables, and we have some draft materials which will need to be updated and finalized. To participate, please contact Simeon Carson at firstname.lastname@example.org.
|This edition of eSource is brought to you by the eHealth, Privacy & Security Interest Group. |
HIPAA Happenings -- The New HITECH Act Megarule
By Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee, FL
Way back on February 17, 2009, Congress passed a stimulus bill that contained provisions referred to as the Health Information Technology for Economic and Clinical Health ("HITECH") Act. The HITECH Act was geared toward encouraging members of the healthcare industry to adopt and standardize health information technology, and included provisions augmenting the Health Insurance Portability and Accountability Act's ("HIPAA") privacy and security provisions by increasing penalties and expanding HIPAA’s reach to business associates, among other things.
Changes to the Breach Notification Risk Assessment Under the HIPAA Megarule
By Clinton R. Mikel, The Health Law Partners, P.C., Southfield, MI
With last week’s release of the much anticipated “HIPAA Megarule,” the OCR has weighed in on the most discussed and controversial standards in the breach notification regulations mandated by the HITECH Act (the “Breach Rule”). By way of brief background, the Breach Rule requires covered entities to disclose to both patients and the government when there are specific kinds of security breaches involving an unauthorized use or disclosure of unsecured patient information.
Business Associates under the HITECH Megarule:
A Chain of Trust with Teeth
By John R. Christiansen, Christiansen IT Law, Seattle, WA
The Business Associate provisions of the HITECH Megarule (“Megarule”) establishes some of the most dramatic changes to the HIPAA regulations since initially published. The HIPAA jurisdictional limitations which narrowed the application of the regulations to covered entities were removed by the HITECH Act. Now the regulations apply not only to covered entities, but to any other entity which works with protected health information (“PHI”) for any purpose of a covered entity, directly or indirectly.
OCR Finalizes Provisions to the HIPAA Enforcement Rule in the HIPAA Megarule To Address Liability and Civil Money Penalties for HIPAA Violations
By Clay J. Countryman and Stephen Angelette, Breazeale, Sachse & Wilson, LLP, Baton Rouge, Louisiana
On January 17, 2013, the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services released the long-awaited “omnibus final rule” (“HIPAA Megarule”) that adopted four final rules that contain modifications to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”) and other modifications previously proposed by the OCR in other rulemaking
Free Redline of the Final HIPAA Omnibus Rules
Exclusively for Health Law Section Members
The Health Law Section, through its eHealth, Privacy & Security Interest Group, is pleased to provide you with a redline of the changes in the final HIPAA omnibus rules (PDF) which were recently released. Using the redline, you can quickly view how the omnibus rules implicate a particular HIPAA issue. This tool will be invaluable for health lawyers who are working through the implications of the new regulations. If you would like to join the Health Law Section now, please click here.
eHealth, Privacy & Security Interest Group
The eHealth, Privacy & Security Interest Group focuses on three substantive areas - Health Information Privacy, Healthcare Electronic Communication & Information Technology Transactions, and Healthcare Technology Dispute Resolution.
If you would like to join the Interest Group, click the following link: Health Law Section IG Sign-up Form.
The IG is led by Chair Deborah C. Hiser, Brown McCarroll LLP, Austin, TX and Vice Chairs Clay J. Countryman, Breazeale, Sachse & Wilson, LLP, Baton Rouge, LA; Linda Abdel Malek, Moses & Singer LLP, New York, NY; Deborah E. Mann, Bannerman & Johnson PA, Albuquerque, NM and Clinton Mikel, The Health Law Partners, P.C., Southfield, MI.
ABA eSource Editorial Board
The ABA Health eSource Editorial Board is led by Editor, Marla Durben Hirsch, Potomac, MD; Chair Conrad Meyer, Chehardy Sherman, LLP, New Orleans, LA and editorial board members Claire Castles, Jones Day, Los Angeles, CA; Robyn Diaz, St. Jude Children's Research Hospital, Memphis, TN; Robert T. Rhoad, Crowell & Moring LLP, Washington, DC; Jennifer Tsao, Hernandez Schaedel & Associates LLP, Pasadena, CA and Jose Vela Jr, Assistant United States Attorney, Southern District of Texas, Houston, TX.
Do you want to communicate your ideas to thousands of other members? To contribute a newsletter article on a health law topic, send us your ideas to email@example.com.
|The opinions expressed are those of the authors and shall not be construed to represent the policies or positions of the ABA or the ABA Health Law Section.|
|If you are having trouble viewing this email, please visit|
the eSource main page.