Published Mar 22, 2013
nurseprnRN, BSN, RN
1 Article; 5,116 Posts
ii. Summary of Major Provisions
This omnibus final rule is comprised of the following four final rules:
1. Final modifications to the HIPAA Privacy, Security, and Enforcement Rules
mandated by the Health Information Technology for Economic and Clinical
Health (HITECH) Act, and certain other modifications to improve the Rules,
which were issued as a proposed rule on July 14, 2010. These modifications:
Make business associates of covered entities directly liable for compliance
with certain of the HIPAA Privacy and Security Rules' requirements.
* Strengthen the limitations on the use and disclosure of protected health
information for marketing and fundraising purposes, and prohibit the sale of
protected health information without individual authorization.
* Expand individuals' rights to receive electronic copies of their health
information and to restrict disclosures to a health plan concerning treatment
for which the individual has paid out of pocket in full.
* Require modifications to, and redistribution of, a covered entity's notice of
privacy practices.
* Modify the individual authorization and other requirements to facilitate
research and disclosure of child immunization proof to schools, and to enable
access to decedent information by family members or others.
* Adopt the additional HITECH Act enhancements to the Enforcement Rule not
previously adopted in the October 30, 2009, interim final rule (referenced
immediately below), such as the provisions addressing enforcement of
noncompliance with the HIPAA Rules due to willful neglect.
2. Final rule adopting changes to the HIPAA Enforcement Rule to incorporate the
increased and tiered civil money penalty structure provided by the HITECH Act,
originally published as an interim final rule on October 30, 2009.
3. Final rule on Breach Notification for Unsecured Protected Health Information
under the HITECH Act, which replaces the breach notification rule's "harm"threshold with a more objective standard and supplants an interim final rule
published on August 24, 2009.
4. Final rule modifying the HIPAA Privacy Rule as required by the Genetic
Information Nondiscrimination Act (GINA) to prohibit most health plans from
using or disclosing genetic information for underwriting purposes, which was
published as a proposed rule on October 7, 2009.
You can read the whole 563 pages if you like at
http://www.workplaceprivacyreport.com/uploads/file/2013-01073%20HIPAA%20rules%20modifiction%2001172013.pdf
krwrnbsn
77 Posts
ii. Summary of Major ProvisionsThis omnibus final rule is comprised of the following four final rules:1. Final modifications to the HIPAA Privacy, Security, and Enforcement Rulesmandated by the Health Information Technology for Economic and ClinicalHealth (HITECH) Act, and certain other modifications to improve the Rules,which were issued as a proposed rule on July 14, 2010. These modifications:Make business associates of covered entities directly liable for compliancewith certain of the HIPAA Privacy and Security Rules requirements. Strengthen the limitations on the use and disclosure of protected healthinformation for marketing and fundraising purposes, and prohibit the sale ofprotected health information without individual authorization. Expand individuals rights to receive electronic copies of their healthinformation and to restrict disclosures to a health plan concerning treatmentfor which the individual has paid out of pocket in full. Require modifications to, and redistribution of, a covered entitys notice ofprivacy practices. Modify the individual authorization and other requirements to facilitateresearch and disclosure of child immunization proof to schools, and to enableaccess to decedent information by family members or others. Adopt the additional HITECH Act enhancements to the Enforcement Rule notpreviously adopted in the October 30, 2009, interim final rule (referencedimmediately below), such as the provisions addressing enforcement ofnoncompliance with the HIPAA Rules due to willful neglect.2. Final rule adopting changes to the HIPAA Enforcement Rule to incorporate theincreased and tiered civil money penalty structure provided by the HITECH Act,originally published as an interim final rule on October 30, 2009.3. Final rule on Breach Notification for Unsecured Protected Health Informationunder the HITECH Act, which replaces the breach notification rules harmthreshold with a more objective standard and supplants an interim final rulepublished on August 24, 2009.4. Final rule modifying the HIPAA Privacy Rule as required by the GeneticInformation Nondiscrimination Act (GINA) to prohibit most health plans fromusing or disclosing genetic information for underwriting purposes, which waspublished as a proposed rule on October 7, 2009.You can read the whole 563 pages if you like athttp://www.workplaceprivacyreport.com/uploads/file/2013-01073%20HIPAA%20rules%20modifiction%2001172013.pdf
with certain of the HIPAA Privacy and Security Rules requirements.
Strengthen the limitations on the use and disclosure of protected health
Expand individuals rights to receive electronic copies of their health
Require modifications to, and redistribution of, a covered entitys notice of
Modify the individual authorization and other requirements to facilitate
Adopt the additional HITECH Act enhancements to the Enforcement Rule not
under the HITECH Act, which replaces the breach notification rules harmthreshold with a more objective standard and supplants an interim final rule
Thanks for the update GrnTea.
Periodic bump. :)