HHS Publishes Final Changes to HIPAA Privacy Rule

On Wednesday, August 14, 2002, the Secretary of the Department of Health and Human Services ("HHS") published in the Federal Register revised Standards for Privacy of Individually Identifiable Health Information ("Final Rule") under the Health Insurance Portability and Accountability Act of 1996, P.L. 104-191 ("HIPAA"). Most health care entities must be fully compliant with the Final Rule by April 14, 2003. The changes set forth in the Final Rule modify privacy standards originally promulgated in December 2000 ("Privacy Rule"), and are substantially similar to changes to the Privacy Rule proposed by HHS in a March 2002 Notice of Proposed Rulemaking ("March NPRM"). The Final Rule - available at www.hhs.gov/ocr/hipaa - is intended "to maintain strong protections for the privacy of individually identifiable health information while clarifying certain of the Privacy Rule's provisions, addressing the unintended negative effects of the Privacy Rule on health care quality or access to health care, and relieving unintended administrative burdens created by the Privacy Rule." more...