HHS released final HIPAA privacy and security regulations way back on January 25, 2013. These regulations impact covered entities, including group health plans, most health care flexible spending accounts, and their business associates. The new rules went into effect on March 26, 2013, but covered entities and business associates generally have until September 23, 2013 to comply. The new rules also require the HHS to investigate HIPAA complaints and increase penalties for HIPAA violations. The regulations include four levels of violations with four tiers of penalties, ranging from $100 to $50,000 per violation to a maximum fine of $1.5 million.
If you have been putting compliance off because dozens of other things have been demanding your attention, let me remind you that Labor Day will be here before we know it. Here’s a great article by Jewelie Grape of Leonard, Street and Deinard that should bring you up to speed.