HIPAA Final Rule 2013-Definitions

The HIPAA final rule 2013 made effective from March 26, 2013 makes a few important changes in the definitions.

Firstly, the definition of “Business Associate” has been expanded to include “Patient Safety Organizations”.  Hence Health Information Organizations (HIO), E-Prescribing Gateways, and Other Persons That Facilitate Data Transmission; as well as Vendors of Personal Health Records will be considered as “Business Associates” and such Business Associates will be directly covered under the obligations of Privacy, Security and Enforcement rules.

Secondly, any “Sub Contractor” of the business associate will also be considered as covered under the provisions of the Final rule as applicable for Privacy, Security and Enforcement. For this purpose, a Sub Contractor means “a person to whom a business associate delegates a function, activity, or service, other than in the capacity of a member of the workforce of such business associate.”. Hence the provision of obtaining satisfactory assurances for meeting HIPAA obligations extend to Sub Contractors as much as the primary business associates.

The third definitional aspect that is modified by the Final rule is to define that the ter “PHI” extends to the information of a deceased person upto a period of 50 years after death.


Print Friendly, PDF & Email

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in HIPAA. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.