Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules

United States Government Publishing Office publisher pbl distributor dst United States National Archives and Records Administration Office of the Federal Register author aut Government Organization text government publication eng FR Regulatory Information 2013_register executive 2013-01-25 article Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules Part II Rules and Regulations D09002ee1c7fbeed3 D09002ee1c7fbf020 United States Department of Health and Human Services originator org United States Government Agency or Subagency United States Office of the Secretary originator org United States Government Agency or Subagency The Department of Health and Human Services (HHS or "the Department") is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act ("the HITECH Act" or "the Act") to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities. 78 FR 5566 https://www.govinfo.gov/app/details/FR-2013-01-25/2013-01073 2013-01073 fr25ja13-14 RIN 0945-AA03 4153-01-P https://www.govinfo.gov/app/details/FR-2013-01-25/2013-01073 https://www.govinfo.gov/content/pkg/FR-2013-01-25/html/2013-01073.htm https://www.govinfo.gov/content/pkg/FR-2013-01-25/pdf/2013-01073.pdf Administrative Practice and Procedure Computer Technology Electronic Information System Electronic Transactions Employer Benefit Plan Health Health Care Health Facilities Health Insurance Health Records Hospitals Investigations Medicaid Medical Research Medicare Penalties Privacy Reporting and Record Keeping Requirements Security 137 p. 5566 5702 78 FR 5566 Code of Federal Regulations Title 45 Part 160 45 CFR Part 160 Code of Federal Regulations Title 45 Part 164 45 CFR Part 164 Regulation Identification Number 0945-AA03 RIN 0945-AA03 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Federal Register Vol. 78, Issue RULE 2013-01073 II DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the Secretary 2013-03-26 4153-01-P 2013-01073 Final rule.

The Department of Health and Human Services (HHS or "the Department") is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act ("the HITECH Act" or "the Act") to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

Effective date: This final rule is effective on March 26, 2013. Andra Wicks 202-205-2292. Administrative Practice and Procedure Computer Technology Electronic Information System Electronic Transactions Employer Benefit Plan Health Health Care Health Facilities Health Insurance Health Records Hospitals Investigations Medicaid Medical Research Medicare Penalties Privacy Reporting and Record Keeping Requirements Security HIPAA Privacy, Security, Enforcement, and Breach Notification Rules , http://csrc.nist.gov/publications/nistir/ir7298-rev1/nistir-7298-revision1.pdf http://ncvhs.hhs.gov/050111mn.htm http://www.bls.gov/oes/current/naics3_541000.htm#23-0000 http://www.bls.gov/oes/current/oes_nat.htm http://www.cms.gov/manuals/Downloads/bp102c15.pdf http://www.datalossdb.org http://www.dol.gov/ebsa/faqs/faq-GINA.html http://www.hhs.gov/ocr/civilrights/ http://www.hhs.gov/ocr/enforcement/ http://www.hhs.gov/ocr/office/about/rgn-hqaddresses.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule http://www.hhs.gov/ocr/privacy/hipaa/faq/business_associates/236.html http://www.hhs.gov/ocr/privacy/hipaa/faq/business_associates/239.html http://www.hhs.gov/ocr/privacy/hipaa/faq/protected_health_information/354.html http://www.hhs.gov/ocr/privacy/hipaa/faq/providers/business/245.html http://www.hhs.gov/ocr/privacy/hipaa/faq/right_to_request_a_restriction/512.html http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hipaaferpajointguide.pdf http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/provider_ffg.pdf http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/eaccess.pdf http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/research/index.html http://www.hhs.gov/ohrp/sachrp/hipaalettertosecy090104.html http://www.nacds.org/wmspage.cfm?parm1=507 http://www.ncvhs.hhs.gov/04061712.html http://www.ncvhs.hhs.gov/040902lt1.htm http://www.regulations.gov http://www.sba.gov/advo/research/data.html http://www.sba.gov/content/small-business-size-standards www.bls.gov/oes/current/oes_nat.htm Federal Register Vol. 78, no. 17 Office of the Federal Register, National Archives and Records Administration 2013-01-25 continuing daily deposited born digital 465 p. Table of Contents: AE 2.7: GS 4.107: AE 2.106: KF70.A2 https://www.govinfo.gov/app/details/FR-2013-01-25 P0b002ee183b5199f 0097-6326 0042-1219 0364-1406 769-004-00000-9 000582072 f:fr25ja13 https://www.govinfo.gov/app/details/FR-2013-01-25 https://www.govinfo.gov/content/pkg/FR-2013-01-25/pdf/FR-2013-01-25.pdf https://www.govinfo.gov/content/pkg/FR-2013-01-25/xml/FR-2013-01-25.xml fdlp 5253 5705 DGPO 2013-01-25 2024-06-03 FR-2013-01-25 machine generated eng FR FR-2013-01-25 78 17