What: On January 17, 2013, the federal Department of Health and Human Services (HHS) announced a final omnibus rule amending the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in accordance with the HITECH Act of 2009. The 2013 amendments, which are effective on March 26, 2013, supplement and modify the HIPAA Privacy, Security, Breach Reporting, and Enforcement Rules. Among the most significant changes in the 2013 amendments are the provisions that extend the Privacy and Security Rule’s stringent compliance obligations to business associates (BA) and expand the definition of BAs to include subcontractors of BAs.
Why: If you or your company is a business associate (BA), take note. These amendments extend “the most stringent compliance obligations” to BAs as well as “expanding the definition of BAs to include subcontractors of the BAs.”