- HITECH and HIPAA Implementation Timeline
- The 2009 HITECH Act has significant implications for physicians and other healthcare providers.
- Business Associate Agreement with PRMS
- Participants only; login required.
Under the HITECH provisions, HIPAA covered providers – and their business associates - must comply with new federal breach notification requirements.
Do You Know Enough About HIPAA?
To help you learn how HIPAA affects you, The Psychiatrists' Program offers the following ways to make you more familiar with these new regulations. If you have coverage with us, we invite you to log into My Program to access even more HIPAA resources in My Program: HIPAA Help.
On March 24, 2012 the HHS Office of Civil Rights sent the final HIPAA "Omnibus Rule" to the Office of Management and Budget for review. OMB review is one of the final steps before publication in the Federal Register. There are significant changes and specifications expected to be addressed through further regulations, guidances and other regulatory materials by HHS in the following topics:
- Increased breach notification requirements
- Required accounting of certain PHI disclosures, including for treatment, payment or health care operations, if the covered entity uses or maintains an electronic health record with respect to PHI
- Required provision of copy of PHI in an electronic format, if the covered entity uses or maintains an electronic health record with respect to PHI
- Limiting use, disclosure or request of PHI to the limited data set or minimum necessary
NEW RESOURCE!: Participants should keep in mind that the final published rule may have significant changes to the current language: HIPAA Forms My Program exclusive. Login required.
Multi-Million Dollar Fines and Prison: HIPAA Enforcement My Program exclusive. Login required.
Participants only; login required.
- HIPAA - You Asked For It
- An explanation of the events that culminated in the creation of HIPAA's Privacy Rule.
- HIPAA's Security Rule
- Basic information about this Rule as well as useful resources.
- Enforcement of HIPAA's Privacy Rule by HHS, DOJ, and the Courts
- A review of HHS’ civil enforcement activities, criminal enforcement, and Privacy Rule cases.
- Most Recent:
6/26/12: Alaska DHSS settles HIPAA security case for $1,700,000
- 4/17/12: HHS Settles Case with Phoenix Cardiac Surgery for Lack of HIPAA Safeguards
- 3/13/12: HHS settles HIPAA case with BCBST for $1.5 million
- 2/24/11: MA General Hospital Settles Potential HIPAA Violations
- 2/21/11: HHS Imposes a $4.3 Million Civil Money Penalty for HIPAA Privacy Rule Violations
- 7/14/10: HHS publishes Notice of Proposed Rulemaking re: HITECH modifications to HIPAA regulations
- 8/24/09: HHS issues HITECH Breach Notification Interim Final Rule
- 7/27/09: HHS designates Regional Office Privacy Advisors
- 7/27/09: HHS Secretary transfers Security Rule enforcement authority from CMS to OCR
- 4/17/09: HHS issues HITECH Breach Notification Guidance
- 2/17/09: HITECH Act enacted as Title XIII of the American Recovery and Reinvestment Act of 2009
- 4/18/08: Do Patients Have Access to Therapy or Personal Notes?
- 2/16/06: Enforcement of the Administrative Simplification Regulations - Final Rule
- HIPAA Fact Sheet
- How to determine if you are covered
- HIPAA Security education materials
- OCR Guidelines Explaining Significant Aspects of Privacy Rule
- FAQs about the Privacy Rule
- OCR now has Privacy Rule Listserv available
- OCR Contact Information
- Privacy Rule enforcement
- Summary of HIPAA Privacy Rule
- How to File a Health Information Privacy Complaint with OCR
- HIPAA and Health Information Technology
- HIPAA and Research
- HIPAA and FERPA
- CDC and HHS Issue New Guidance About the HIPAA Privacy Rule and Public Health
- HIPAA and Substance Abuse Treatment
- HIPAA and HIV Treatment
- HIPAA and Genetic Information
- HIPAA and Disclosures in Emergencies
- HIPAA and Emergency Planning
- Disposal of PHI
- Family Medical History Information
- Communicating with Others Involved in Patient's Care