The deadline of September 23, 2013 has passed for compliance with U.S. Department of Health and Human Services’ (HHS) final rule for covered entities, business associates and their subcontractors to comply with the new HIPAA rules.
The (HHS) Office for Civil Rights announces a final rule that implements a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The U.S. Department of Health & Human Services website cites a covered entity as one of the following:
A Health Care Provider
A Health Plan
A Health Care Clearinghouse
This includes providers such as:
Doctors
Clinics
Psychologists
Dentists
Chiropractors
Nursing Homes
Pharmacies
...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.
This includes:
Health insurance companies
HMOs
Company health plans
Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs
This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
Prior to the September 23 deadline, all covered entities should complete the following:
