HIPAA Privacy Rule fact sheet
The Health Insurance Portability and Accountability Act (HIPAA) was signed into Federal Law in 1996. It calls for the simplification of health care transactions and regulations to ensure the privacy and security of health information. The HIPAA Privacy Rule is effective April 14, 2003.
The American Recovery and Reinvestment Act (ARRA) signed into federal law in February 2009, modified the HIPAA Privacy and Security Rules, and require full compliance in February 2010. These changes impact not only “covered entities,” but have a significant impact on “business associates” of covered entities. ARRA also adds increased enforcement provisions including increased penalties, and allows state Attorney’s General to file civil suits on behalf of injured parties.
For more information regarding recent federal rule changes, related to ARRA modification of HIPAA, you may access the related Federal Register sections through the following links:
- Health and Human Services Department – http://edocket.access.gpo.gov/2009/pdf/E9-20169.pdf Breach Notification for Unsecured Protected Health Information , 42740-42770 [E9-20169]
- Federal Trade Commission – http://edocket.access.gpo.gov/2009/pdf/E9-20142.pdf Health Breach Notification Rule , 42962-42985 [E9-20142]
- Health and Human Services Department – http://edocket.access.gpo.gov/2009/pdf/E9-26203.pdf HIPAA Administrative Simplification; Enforcement , 56123-56131 [E9-26203]