Self-insured employer health plans, whether administered by the sponsor or by a third party administrator (TPA), need to be in compliance with the amended HIPAA rules, effective September 23, 2013. That date has now passed and not all employers with self-insured plans are aware of their obligations or have fully complied. 

As we reported here, the U.S. Department of Health and Human Services (“HHS”) recently issued final regulations (the “Final Rule”) implementing changes to HIPAA mandated by the HITECH Act. The long awaited Final Rule addresses a number of privacy and security topics, including breach notification. 

On January 17, 2013, the U.S. Department of Health and Human Services released final regulations implementing changes to HIPAA mandated by the HITECH Act, as well as updated regulations under the Genetic Information Nondiscrimination Act. This major rulemaking package includes changes to the HIPAA privacy rule, information security rule, data breach notification rule and enforcement rule.