Call:  (407) 331-6620 or (850) 439-1001
Toll-free:  (888) 331-6620
PAY ONLINE
Subscribe To Our Monthly Newsletter

HIPAA HITECH Act

HIPAA HITECH ACT

The Health Insurance Portability and Accountability Act (HIPAA) was amended in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act was part of the American Recovery and Reinvestment Act (ARRA) of 2009. The HITECH Act required the U.S. Department of Health and Human Services (HHS) to modify the HIPAA Privacy, Security and Enforcement Rules (HIPAA Rules). The HITECH Act further strengthens the privacy and security protections for health information and improves the ease of use and effectiveness of the HIPAA Rules. Proposed Federal Regulations have recently been released by HHS.

These proposed Regulations not only make HITECH changes, but they are the first major updating of the HIPAA Privacy Rule and HIPAA Security Rule since 2003. (The Privacy Rule and the Security rules can be found at 45 CFR Sections 160, 162 and 164.) HHS says that it took this opportunity to update the Privacy and Security Rules as HHS “has accumulated a wealth of experience with these rules, both from public contact in various forums and through the process of enforcing the rules.”

In the proposed Federal Regulations, HHS solicits comments regarding specific elements of the proposed changes. These comments are due to HHS by September 12, 2010. They could help shape the final Regulations issued by HHS. In the recent past, HHS has seriously considered such comments it received.

The proposed modifications to the HIPAA Rules include:

  1. expanding the required content of business associate (BA) agreements;
  2. extending BA associate requirements to subcontractors;
  3. establishing new limitations on the use and disclosure of protected health information (PHI) for marketing and fund-raising purposes;
  4. creating additional requirements for Notices of Privacy Practices that covered entities are required to give;
  5. greatly increasing the possible civil penalties for violations of HIPAA;
  6. expanding individual patients’ rights to access their information and to place restrictions on certain disclosures of PHI to health plans;
  7. providing more flexibility for research authorizations, including the use of PHI for future, unspecified research;
  8. providing mandatory notices to patients for breaches or possible breaches of their privacy under certain circumstances;
  9. allowing for the disclosure of PHI to a decedent’s family members, even if they are not personal representatives;
  10. prohibiting the sale of PHI; and
  11. adding provisions designed to strengthen and expand HIPAA’s enforcement provisions.

If you are a health care provider who is accused by a patient of a breach of the patient’s confidentiality, you should immediately retain the services of a qualified health attorney to represent you. If you receive a notice from the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services that it is investigating a complaint for a violation of HIPAA, you should immediately retain the services of a qualified health attorney to represent you; you could be facing criminal penalties or significant civil fines.

Main Office • 1101 Douglas Avenue, Suite 1000, Altamonte Springs, FL 32714   Telephone: (407) 331-6620

By Appointment • 37 N. Orange Avenue, Suite 500, Orlando, FL 32801  Telephone: (888) 331-6620

By Appointment • 201 E. Government Street, Pensacola, FL 32502  Telephone: (850) 439-1001 Telefax: (407) 331-3030

By Appointment: 201 St. Charles Avenue, Suite 2500, New Orleans, LA 70170

By making this website information available for those who access it does not constitute doing business in or having a presence in any state or jurisdiction, nor does it constitute an advertisement sent to or a solicitation made in any state or jurisdiction. This firm is located in and maintains a presence in only those states where the firm maintains an actual physical office. Its attorneys are only admitted to practice in those states specifically listed on their resumes.

Available in the following states: Alabama, Alaska, Arizona, Arkansas, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Washington, West Virginia, Wisconsin, and Wyoming

Disclaimer | Terms of Representation

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999. Copyright © 2024 The Health Law Firm. All rights reserved.