September 23, 2013. Today is the day that many of those who use protected health information (PHI) must comply with new Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, which went into effect 180 days ago.
If you use PHI in your work, hopefully by now you are aware of those changes. For the first time, Privacy and Security rules apply not only to covered entities and business associates, but also to subcontractors who provide services to those business associates. This includes the security breach notification requirements when PHI is compromised.
An HHS press release earlier this year noted, “Some of the largest breaches reported to HHS have involved business associates.” With the expanded scope of the rules, look for more enforcement actions in the future.