How HIPAA final rules affect health information technology vendors.

I n addition to healthcare reform, healthcare providers and their vendors now have to grapple with recently promulgated federal rules regarding privacy and security of health information. Key to the future of the healthcare reform efforts is health information technology (HIT), a broad term that is often used in conjunction with electronic health records (EHRs), mobile health (mHealth), telemedicine, health information organizations/health information exchanges (HIOs, also known as HIEs), and other developments that are revolutionizing the healthcare industry. HIT supports the development of a national information highway to facilitate the transmission of health data for treatment, payment, quality analysis, and a myriad of other uses. HIPAA-covered entities and many of their vendors (e.g., HIO and EHR consultants, data analytic firms, data transmission facilitators, software vendors, device vendors) rely on HIT to accomplish their individual roles in the U.S. healthcare system. Large data companies, small entrepreneurs, and investors are all participating in the growth of HIT. These unsuspecting vendors of the HIT system may unwittingly violate HIPAA if they do not pay close attention to new rules affecting the privacy and security of health information. While the use of HIT presents efficiency and potential quality improvements in healthcare, it also poses significant risks with respect to the privacy and security of health data. On January 25, 2013, the U.S. Department of Health and Human Services (HHS) announced the final omnibus rule amending HIPAA in accordance with the HITECH Act of 2009 (the “2013 Amendments”). The 2013 Amendments, which were effective on March 26, 2013 (with some exceptions), supplement and modify the HIPAA Privacy, Security, Breach Notification and Enforcement Rules (the “HIPAA Rules”). This article examines the key ways in which the 2013 Amendments impact HIT. BUSINESS ASSOCIATES NOW INCLUDE HIOS, DATA TRANSMISSION SERVICES, AND OTHERS