On January 17, 2013, the Office for Civil Rights of the U.S. Department of Health and Human Services released its final rule modifying the Privacy Rule, the Security Rule, and the Enforcement Rule under the Health Insurance Portability and Accountability Act (HIPAA), and the Breach Notification Rule under the Health Information Technology for Economic and Clinical Health Act (HITECH Act). This final rule marks a major development in healthcare privacy law.

Many provisions of the proposed rule were made permanent, imposing new privacy and security obligations directly on business associates and modifying the definition of "breach" and the required factors to be considered in a risk assessment.

Government Resources

Additional Resources