HHS makes 'sweeping' changes to HIPAA

“We have moved into an area of more assertive enforcement.”
By Tom Sullivan
January 18, 2013
09:48 AM

The most eagerly awaited — if not anxiety-laden — set of regulations in the healthcare spectrum arrived late Thursday: HHS issued modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules. The man charged with enforcing the rules said they represent "sweeping changes."

“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented," Leon Rodriguez, director of the HHS Office for Civil Rights, said in a prepared statement.The changes, he said, "not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a healthcare provider or one of their business associates.”

Speaking at the Healthcare IT News/HIMSS Media Privacy & Security Forum in December, Rodriguez noted that until three or so years ago, the agency’s strategy was focused on “specific investigations into specific incidents.” Since HITECH, however, the mandate has been to do something far broader in focus, he said. “We have moved into an area of more assertive enforcement.”

[See also: As OCR promises more fines, two CIOs offer tips on risk assessments.]

He asserted they there would continue to be  “more monetary settlements,” be they from physician practices, hospitals, health plans or state social services agencies.

“Everyone of those is a message to the rest of the industry,” he said.

[See also: Q&A: OCR Director Leon Rodriguez talks audits and enforcements.]

The final rule is composed of four final rules, HHS explains in the document (PDF). They were combined, HHS states, "to reduce the impact and number of times certain compliance activities need to be undertaken by the regulated entities.”

The four parts are:

1. Final modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and certain other modifications to improve the Rules, which were issued as a proposed rule on July 14, 2010. These modifications:

Topics: 
Health Information Exchange (HIE), Privacy & Security, Government & Policy

More regional news

Clinician in scrubs at a hospital computer

CommonSpirit partners up with U of U for clinical collaboration

By
Andrea Fox
November 22, 2024
Stethoscope on an iPad

HIMSSCast: Care provider or tool? When and why patients like AI

By
Andrea Fox
November 22, 2024

EHR tips on migrating an all-digital hospital to Epic

By
Bill Siwicki
November 22, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story
EHR tips on migrating an all-digital hospital to Epic

Most Read

What Loper Bright and the end of Chevron deference mean for HHS
Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
India to harness ABDM data to develop public AI
South Korea to digitise medical image exchange system
ASTP intros 2024 draft Federal FHIR Action Plan

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 2_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
Switching from Cerner to Epic? Meet a CIO who made it out alive
David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive

More Stories

Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective
Joanna Lucas, RN, of St. Luke's University Health Network
Case and referral management technology gets big results for St. Luke's
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
Northwestern Medicine
Northwestern Medicine announces international healthcare collaboration
BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards