-
New legislation proposed to further improve security standards to better protect individual health information shared by health plans, healthcare clearinghouses and healthcare providers. Legislation also covers use of electronic signatures by HIPAA Covered Entities
-
Congress passes the Health Insurance Portability and Accountability Act (HIPAA) which is signed by President Bill Clinton. Process of modernizing healthcare information exchange begins. Bill also ensures workers do not lose health insurance coverage when changing employment
-
-
Privacy Rule proposed to improve privacy standards and restrict disclosure of PHI and personal identifiers to unauthorized individuals. Patients will also be given better access to their health data.
-
Privacy Final Rule issued, only to receive technical corrections the following day. The corrections cover compliance dates and access to PHI by the clergy. OCR delegated responsibility for policing HIPAA.
-
Privacy Final Rule technical corrections scheduled to go into effect on February 26, but Bush administration reopens comment period, delaying introduction of new legislation.
-
HHS makes changes to proposed Privacy Rule to clarify its provisions and to ease administrative burden on healthcare providers
-
Security Rule issued requiring CEs use appropriate administrative, physical, and technical safeguards to protect confidentiality, integrity, and security of ePHI
-
Privacy Rule comes into effect and requires all CEs to allow patients access to their health information on request, while limits are placed on how, when and to whom health records can be disclosed.
-
Deadline for adopting new codes for transactions and electronic exchanges including new diagnosis and procedure codes. Change intended to increase standards and improve efficiencies in healthcare industry.
-
Enforcement Rule proposed, providing OCR with control of investigations into HIPAA violations and the issuing of financial penalties for HIPAA violations. Procedure for hearings introduced.
-
Covered healthcare organizations must comply with new requirements of Security Rule and implement greater controls to keep health records secure and confidential. Allows OCR to issue civil penalties for violations
-
Enforcement Rule goes into effect marking start of new phase in HIPAA compliance in which OCR can issue financial penalties for a CE failing to implement requirements of HIPAA Privacy and Security Rules
-
OCR criticized for apparent lack of enforcement of HIPAA Privacy and Security Rules. No fines imposed on organizations by this point in spite of over 33,000 complaints. 8,000 complaints investigated and no financial penalties issued. HHS urges OCR to get tough on offenders.
-
OCR issues first financial penalty to CVS Pharmacy Inc which is ordered to pay $2.25 M for improperly dumping patient health records
-
Health Information Technology for Economic and Clinical Health Act introduced as part of The American Recovery and Reinvestment Act of 2009 (ARRA). Introduces incentives to improve information technology infrastructure and encourage use of EHR systems
-
HHS introduces regulations covering data breaches as required by HITECH Act. Requires CE to report data breaches to OCR and notify potential victims of incidents which expose personal and health information
-
HITECH Enforcement interim rule issued which includes new tiered structure of financial penalties for HIPAA violations based on 4 categories of culpability. Rule significantly increases fines for violations up to $1.5 million per identical violation
-
HITECH becomes enforceable with new financial penalties.
-
Connecticut Attorney General fines Health Net Inc. for failure to comply with HIPAA Privacy and Security Rules. Fined $250,000 for loss of unencrypted hard drive containing PHI of 1.5 million Americans.
-
OCR performs 115 audits on healthcare organizations, healthcare clearinghouses, and health plans in pilot round of audits.
-
Modifications to HIPAA Privacy, Security, Enforcement, and Breach Notification Rules received for review by White House Office of Management and Budget. Includes updates to HIPAA and HITECH, including breach notification, and BAs can be held liable for breaches and certain HIPAA violations.
-
Omnibus Final Rule becomes enforceable after technical corrections made. BAs and their contractors are subject to the rule and may face a financial penalty of up to $1.5 M per violation.