The Rheumatologist
COVID-19 NewsACR Convergence
  • Connect with us:
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Feed
  • Home
  • Conditions
    • Rheumatoid Arthritis
    • SLE (Lupus)
    • Crystal Arthritis
      • Gout Resource Center
    • Spondyloarthritis
    • Osteoarthritis
    • Soft Tissue Pain
    • Scleroderma
    • Vasculitis
    • Systemic Inflammatory Syndromes
    • Guidelines
  • Resource Centers
    • Axial Spondyloarthritis Resource Center
    • Gout Resource Center
    • Psoriatic Arthritis Resource Center
    • Rheumatoid Arthritis Resource Center
    • Systemic Lupus Erythematosus Resource Center
  • Drug Updates
    • Biologics & Biosimilars
    • DMARDs & Immunosuppressives
    • Topical Drugs
    • Analgesics
    • Safety
    • Pharma Co. News
  • Professional Topics
    • Ethics
    • Legal
    • Legislation & Advocacy
    • Career Development
      • Certification
      • Education & Training
    • Awards
    • Profiles
    • President’s Perspective
    • Rheuminations
    • Interprofessional Perspective
  • Practice Management
    • Billing/Coding
    • Quality Assurance/Improvement
    • Workforce
    • Facility
    • Patient Perspective
    • Electronic Health Records
    • Apps
    • Information Technology
    • From the College
    • Multimedia
      • Audio
      • Video
  • Resources
    • Issue Archives
    • ACR Convergence
      • Gout Resource Center
      • Axial Spondyloarthritis Resource Center
      • Psoriatic Arthritis
      • Abstracts
      • Meeting Reports
      • ACR Convergence Home
    • American College of Rheumatology
    • ACR ExamRheum
    • Research Reviews
    • ACR Journals
      • Arthritis & Rheumatology
      • Arthritis Care & Research
      • ACR Open Rheumatology
    • Rheumatology Image Library
    • Treatment Guidelines
    • Rheumatology Research Foundation
    • Events
  • About Us
    • Mission/Vision
    • Meet the Authors
    • Meet the Editors
    • Contribute to The Rheumatologist
    • Subscription
    • Contact
  • Advertise
  • Search
You are here: Home / Articles / HHS Enforces Stricter Rules on HIPAA

HHS Enforces Stricter Rules on HIPAA

April 1, 2010 • By From the College

  • Tweet
  • Email
Print-Friendly Version / Save PDF

As of February 17, 2010, entities covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), such as group health plans and their business associates, will have to take certain actions to ensure continued compliance with the privacy and security provisions of the act.

You Might Also Like
  • HIPAA Privacy Rules Bring New Enforcement Guidelines
  • HIPAA Security Standards: What Rheumatologists Need to Know
  • Department of Health and Human Services’ Final Rule Expands HIPAA Obligations, Violation Penalties
Explore This Issue
April 2010
Also By This Author
  • ACR/ARHP Members Call on Congress to Restore Patients’ Voices

HIPAA was put in place to guard the privacy of protected health information and regulate the manner in which covered entities—defined as a health plan or a healthcare provider that uses a healthcare clearinghouse or an electronic device to transmit health information—and business associates create, store, access, and disclose protected health information.

ad goes here:advert-1
ADVERTISEMENT
SCROLL TO CONTINUE

In the final rule from the Department of Health and Human Services (HHS), stricter penalties were applied for violations of the HIPAA privacy and security rules. The rule also amended HIPAA’s enforcement regulations to incorporate the violation categories of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The categories include violations, adding tiered ranges of civil money penalties, and revised limitations on the HHS secretary’s authority to impose civil money penalties.

Some of the changes to HIPAA include:

ad goes here:advert-2
ADVERTISEMENT
SCROLL TO CONTINUE
  • Business associates (people who provide services to a covered entity) of a covered entity must fully comply with HIPAA’s privacy and security requirements;
  • Covered entities must amend their business associate agreements to reflect the new obligations imposed on business associates;
  • Covered entities must notify individuals of any unauthorized disclosure of their unsecured protected health information (PHI);
  • Business associates must notify covered entities of any unauthorized disclosure of unsecured PHI;
  • Covered entities must honor individuals’ requests to restrict disclosure of PHI; and
  • The new HIPAA provisions will be enforced through heightened penalties and mandatory audits by the HHS secretary.

Also, under the new HIPPA security rules, covered entities will have to amend business associate agreements to reflect changes to the privacy regulation that addresses the storage and transmission of electronic PHI. This applies to a limited extent to business associates by requiring that they comply with the security safeguards set forth in business associate agreements.

Business associates will also need to adopt a security policy, appoint a security officer, and train their workforces on how to safeguard electronic PHI. Similarly, it appears that the rule requires business associates to comply with the privacy provisions of HIPAA to the same extent that covered entities must comply. Currently, business associates are required only to comply with the provisions of the Privacy Rule that are set forth in the business associate agreement.

Pages: 1 2 | Single Page

Filed Under: From the College, Legislation & Advocacy, Practice Management, Quality Assurance/Improvement, Safety Tagged With: health information, Health Insurance Portability and Accountability Act, HHS, HIPAA, Patients, privacy, Security, TechnologyIssue: April 2010

You Might Also Like:
  • HIPAA Privacy Rules Bring New Enforcement Guidelines
  • HIPAA Security Standards: What Rheumatologists Need to Know
  • Department of Health and Human Services’ Final Rule Expands HIPAA Obligations, Violation Penalties
  • Email & Text in the World of HIPAA

Simple Tasks

Learn more about the ACR’s public awareness campaign and how you can get involved. Help increase visibility of rheumatic diseases and decrease the number of people left untreated.

Visit the Simple Tasks site »

Meeting Abstracts

Browse and search abstracts from the ACR Convergence and ACR/ARP Annual Meetings going back to 2012.

Visit the Abstracts site »

Rheumatology Research Foundation

The Foundation is the largest private funding source for rheumatology research and training in the U.S.

Learn more »

The Rheumatologist newsmagazine reports on issues and trends in the management and treatment of rheumatic diseases. The Rheumatologist reaches 11,500 rheumatologists, internists, orthopedic surgeons, nurse practitioners, physician assistants, nurses, and other healthcare professionals who practice, research, or teach in the field of rheumatology.

About Us / Contact Us / Advertise / Privacy Policy / Terms of Use / Cookie Preferences

  • Connect with us:
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Feed

Copyright © 2006–2023 American College of Rheumatology. All rights reserved.

ISSN 1931-3268 (print)
ISSN 1931-3209 (online)