Good write-up by Varonis discussing the finalized regulatory rules for HIPAA:
What has changed
With the finalized rules (which by the way run over 500 pages) not only do business associates come under HIPAA, but a new class of consultants and subcontractors who perform workon behalf of the business associates also have HIPAA obligations.
In effect, the final rules say that any company that has access to e-PHI is treated just like a hospital or HMO. By the way, HIPAA/HITECH’s Breach Notification Rule, which originally required health companies and their business associates to report e-PHI disclosures, is now extended to medical data subcontractors as well.
The ultimate intent is to close off any holes in security and enforcement when the business associates themselves outsource data processing to others.
Read entire article: http://blog.varonis.com/hipaas-new-rules-reach-far-beyond-healthcare-providers-are-you-impacted/
Excellent and detailed write-up of the new HIPAA rules that take effect on September 23, 2013:
On January 17, 2013, the U.S. Department of Health and Human Services (“HHS”) issued the highly anticipated omnibus final rule (the “Final Rule”) to modify the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) pursuant to the Health Information Technology for Economic and Clinical Health Act (“HITECH”). Following the enactment of HITECH, HHS issued interim final rules to implement the breach notification requirements and certain of the enforcement provisions of HITECH (collectively, the “Interim Rules”), and in July of 2010 HHS issued a proposed rule to implement modifications to the privacy and security provisions of HIPAA. Since that time, Covered Entities and their Business Associates and subcontractors have been awaiting the Final Rule to confirm the extent to which these modifications, which are aimed primarily at strengthening the privacy and security protections for protected health information (“PHI”) and tightening the HIPAA enforcement provisions, will impact their operations, contractual relationships and potential exposure for HIPAA liability.
Read all the gory details here: http://www.lexology.com/library/detail.aspx?g=40defc09-2337-435e-be56-2bef662a67e7