The Office for Civil Rights released on January 17, 2013, final privacy and security regulations (563 pages) under the Health Insurance Portability and Accountability Act. The rules address four key issues:

  • Reflecting the changes made by the Health Information for Economic and Clinical Health Act (HITECH);
  • Revisions to the HIPAA enforcement rule;
  • Updates to the previously issued data breach regulations; and
  • Incorporating the changes made by the Genetic Information Nondiscrimination Act.

In general, covered entities and business associates will need to comply by September 23, 2013. We expect to be reporting on some of the key changes shortly.