Significant Changes in HIPAA Compliance and Enforcement Are Here

Legal Alerts

1.22.13

On Thursday, January 17, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services issued the long-awaited final HIPAA “mega” rule to implement the myriad of changes required by the HITECH Act. The mega rule weighs in at 563 pages; some of its highlights include:

  • heightened responsibilities and liabilities of business associates and business associate subcontractors;
  • mandatory changes to business associate agreements;
  • mandatory changes to Notices of Privacy Practices;
  • changes to the nature of the risk assessment mandated to determine if a data breach requiring notification has occurred;
  • tightened restrictions on marketing and fundraising activities;
  • tightened restrictions on the sale of protected health information;
  • changes to a patient’s right of access to electronic PHI;
  • changes to penalties for violations, and the manner in which OCR will mete out penalties.

Prior to the general compliance date of September 23, 2013, Dykema will issue a continuing series of more in-depth analyses of these and other changes made by the mega rule, using a variety of media such as webinars, alerts and workshops. We are ready to assist our clients to take the steps necessary to come into compliance with the new requirements – and to defend any client that becomes entangled in an OCR enforcement action. Watch your email for further information from Dykema.

If you have questions or would like additional information, please contact: Kathrin Kudner at 313-568-6896 or Joanne Lax at 248-203-0816.
