ENFORCEMENT OF THE NEW HIPAA RULE TO INCLUDE DATA STORAGE AND (POTENTIALLY) EDISCOVERY SERVICE PROVIDERS

“Enforcement of the new Health Insurance Portability and Accountability Act (HIPAA) omnibus rule will begin soon on September 23, 2013. The new rule broadens the HIPAA’s Privacy and Security Rules to include not only ‘covered entities’ — health care providers, health plans and health care clearinghouses — and their ‘business associates,’ but subcontractors of business associates, as well. The new rule modifies ‘business associates’ to include anyone who “‘creates, receives, maintains, or transmits’ protected health information [PHI] on behalf of a covered entity.” This includes data storage companies and potentially eDiscovery service providers.”

LINK TO ARTICLE