On January 25, 2013, the Department of Health and Human Services (HHS) issued a final rule that modifies the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules, which are part of the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act (GINA). The final rule is intended to strengthen the privacy and security protection for individuals’ health information, including genetic information, which is maintained in electronic health records and other formats.
The effective date of this final rule is March 26, 2013. Covered entities and business associates must comply with the applicable requirements of this final rule by September 23, 2013.