The Office for Civil Rights (OCR) — the folks who brought us the Health Insurance Portability and Accountability Act of 1996 (HIPAA) –has released new and far-reaching changes to the HIPAA privacy, security and enforcement rules.
The new rule will be published in the Jan. 25 Federal Register and will implement statutory requirements that were enacted in the HITECH Act as part of the American Recovery and Reinvestment Act of 2009.
Among other things, the rule clarifies when breaches of unsecured health information must be reported to HHS. It eliminates the prior breach notification rule’s “harm standard” and replaces it with “a more objective standard.”
Although the new rule is effective March 26, 2013, covered entities and business associates have until Sept. 23, 2013 to comply with its provisions.