On January 25, 2013, the Department of Health and Human Services (HHS) issued a final rule that modifies the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules, which are part of the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act (GINA). The final rule is intended to strengthen privacy and security protection for individuals’ health information, including genetic information maintained in electronic health records and other formats.
The effective date of this final rule was March 26, 2013. Covered entities and business associates must have complied with the applicable requirements of this final rule by September 23, 2013.