News and Insights

Visit regularly for up-to-date information on relevant news, firm announcements and additions to our AZ Health Law Blog.

The government has published regulations that make sweeping changes to HIPAA. The regulations implement requirements of the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act of 2008.

The final rule implements the following changes:

  • Business associates are directly liable for certain aspects of compliance with HIPAA.
  • Disclosures of protected health information (“PHI”) for marketing and fundraising purposes are limited.
  • The authorization process for patients being enrolled in research studies is refined.
  • Requirements for notifying patients and the government in the event of a breach of unsecured PHI are clarified.
  • The penalty structure for violating HIPAA is revised.
  • Genetic information may not be used or disclosed by health plans for underwriting purposes.

Further changes to the HIPAA Privacy and Security Rules enable patients to exercise greater control over their information, and how it is used and disclosed. For example, Individuals may instruct their providers not to disclose treatment information to health plans if the individual has paid cash for the treatment, and patients will now be able to request their PHI to be provided to them in electronic form.

The official version of “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Act; Other Modifications to the HIPAA Rules,” will be published in the Federal Register on January 25, 2013.