The HITECH NPRM: Expansion of HIPAA’s Protections for EHR Privacy and Security, and Impact on Health Plans and Healthcare Providers 

On July 8, 2010, the Office for Civil Rights (OCR) released a notice of proposed rulemaking (NPRM), revising the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement rules in accordance with provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH). The NPRM was published in the Federal Register on July 14, 2010, and the comment period will expire on September 13, 2010. These proposed rules represent the most significant revisions to the HIPAA rules since 2006, and have major implications for all healthcare providers, health plans, healthcare clearinghouses, and their business associates and those business associates' subcontractors.

The topics to be covered in the webinar include, among others:

• Obligations of business associates and their subcontractors, and changes needed in business associate agreements;
  
  
• Amendments needed in the Notice of Privacy Practices;
  
  
• Practical issues for plans and providers in complying with the expansion of patient rights created by HITECH, concerning access to electronic information and restriction on disclosure of protected health information (PHI) to health plans for self-pay services; and
  
  
• Content of authorization forms for research uses, sale of PHI, marketing, and fundraising.