The new HIPAA Final Rule from HHS/OCR implements a number of HITECH provisions to strengthen privacy and security. The rule extends many of the requirements to business associates of covered entities. Some of the largest breaches reported to HHS have involved business associates. Penalties for noncompliance are increased based on the level of negligence, with a maximum penalty of $1.5 million per violation.
- Read the HHS Press Release: http://www.hhs.gov/news/press/2013pres/01/20130117b.html
- Read the Final Rule in the Federal Register: http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf
One of the changes requires you to update your business associate agreements (BAAs) (see a sample).
Another change requires health care providers to update their Notice of Privacy Practices (NPP). You can review the highlights in the HHS Press Release link above.