HHS releases new HIPAA rules

February 15, 2013

The U.S. Department of Health & Human Services Office for Civil Rights has published the final rule implementing the HITECH Act. The rule takes effect March 26, 2013; its provisions include modifications to the HIPAA privacy, security, enforcement, and breach notification rules.

Washington, DC-The U.S. Department of Health & Human Services (HHS) Office for Civil Rights has published the final rule implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act. The rule’s provisions include modifications to the Health Insurance Portability and Accountability Act (HIPAA) privacy, security, enforcement, and breach notification rules.

The final rule takes effect on March 26, 2013, and covered entities and business associates have 180 days from the effective date-until Sept. 23-to come into compliance with most of the provisions.

The new HIPAA final rule puts into place several new provisions aimed at updating patient privacy safeguards while also recognizing how information needs to be made securely accessible now and in the future, including electronic communications. These include:

  • Patients will be allowed to request an electronic copy of their electronic health record.

  • Patients will have the right to instruct their doctors to withhold information about treatment if the patient pays cash for the services rendered.

  • Optometrists, like other doctors, will need to be aware of additional information requirements for Notices of Privacy Practices (NPPs).

  • NPPs must include information regarding patients’ rights following breaches of protected health information and information regarding a patients’ rights when paying for services out of pocket.

To read the final rule in the Federal Register, go to www.nvfc.org/plugins/content/external_links/external_links/frameset.php?url=http%3A%2F%2Fwww.gpo.gov%2Ffdsys%2Fpkg%2FFR-2013-01-25%2Fpdf%2F2013-01073.pdf.