HIPAA Privacy and Security rules are covered under
1. The HIPAA Privacy Rule, (45 CFR Part 160 and Subparts A and E of Part 164,)
2. The HIPAA Security Rule,( 45 CFR Part 160 and Subparts A and C of Part 164,)
3. The HIPAA Enforcement Rule,( 45 CFR Part 160, Subparts C – E)
Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted on February 17,2009, as title XIII of division A and title IV of division B of the American Recovery and Reinvestment Act of 2009 (ARRA), Public Law 111-5, modifies certain provisions of the Social Security Act pertaining to the HIPAA Rules, as well as requires certain modifications to the Rules themselves, to strengthen HIPAA privacy, security, and enforcement.
The HITECH Act also provides new requirements for notification of breaches of unsecured protected health information by covered entities and business associates.
In addition, the Genetic Information Nondiscrimination Act of 2008 (GINA) calls for changes to the HIPAA Privacy Rule to strengthen privacy protections for genetic information. This final rule implements the modifications required by GINA, as well as most of the privacy, security, and enforcement provisions of the HITECH Act. This final rule also includes certain other modifications to the HIPAA Rules to improve their workability and effectiveness.
Some of the proposed, and now final, changes are necessitated by the statutory changes made by the HITECH Act and GINA, while others are of a technical or conforming nature.
Naavi