Modifications to the HIPAA Privacy, Security, and Enforcement
Rules Under the Health Information Technology for Economic and Clinical
The Department of Health and Human Services (HHS) is issued a notice of proposed modification to the Standards for Privacy of Individually Identifiable Health Information (Privacy Rule), the Security Standards for the Protection of Electronic Protected Health Information (Security Rule), and the rules pertaining to Compliance and Investigations, Imposition of Civil Money Penalties, and Procedures for Hearings (Enforcement Rule) issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The purpose of these modifications is to implement recent statutory amendments under the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act” or “the Act”), to strengthen the privacy and security protection of health information, and to improve the workability and effectiveness of these HIPAA Rules, 45 CFR Parts 160 and 164.
There is a simplification in the proposed modification. “Covered entities” will be health care providers who conduct covered health care transactions electronically, health plans, and health care clearinghouses.