• Ann Arbor
    Ann Arbor
    201 S. Division Street
    Suite 400
    Ann Arbor, MI 48104
    T 734-761-3780
  • Cheboygan
    Cheboygan
    229 Court Street
    P.O. Box 405
    Cheboygan, MI 49721
    T 231-627-8000
  • Detroit
    Detroit
    1901 St. Antoine Street
    6th Floor at Ford Field
    Detroit, MI 48226
    T 313-259-7777
  • Grand Rapids
    Grand Rapids
    99 Monroe Avenue NW
    Suite 506
    Grand Rapids, MI 49503
    T 616-205-4330
  • Troy
    Troy
    201 W. Big Beaver Road
    Suite 500
    Troy, MI 48084
    T 248-743-6000
Go to page >
Go to page >
competitive drive
 

News Center

in the know
 

HIPAA Implementation Deadline Date is September 23, 2013 - Are You Ready?

A Health Care Client Alert

By: E. William S. Shipman

09/04/13

In January 2013, the Department of Health and Human Services (HHS) published a long awaited omnibus final rule with modifications and clarifications to the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Health Insurance Portability and Accountability Act (HIPAA). Compliance with most of the provisions is required by September 23, 2013.

The final rules consist of: (1) final modifications to the HIPAA Privacy, Security and Enforcement Rules mandated by HITECH; (2) official incorporation of the increased and tiered civil money penalty structure provided by HITECH; (3) modification to the breach notification rules for unsecured Protected Health Information (PHI) under HITECH (which replaces the breach notification rule’s ‘‘harm’’ threshold with a more objective standard); and (4) modifications to the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes.

This effective date is less than a month away. Your compliance checklist should include the following:

  • Notices of Privacy Practices almost certainly need to be updated.
  • Breach notification policies and practices likely need to be updated.  Any acquisition, access, use, or disclosure of unsecured PHI not permitted under HIPAA is presumed to be a breach unless a covered entity or business associate can demonstrate a low probability that the PHI has been compromised.
  • Business associate agreements may need to be updated.

Bodman can help your organization review and develop policies and procedures that meet your needs and provide practical advice.  If you would like to discuss these or any other legal issues affecting your organization, please contact the chair of our Health Care Practice Group, Bill Shipman, at (313) 393-7562 or wshipman@bodmanlaw.com.