Update on HIPAA privacy: are you ready?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) created new requirements for health care providers to protect the privacy and security of individually identifiable health information. Regulations to implement HIPAA's privacy provisions were published by the Department of Health and Human Services (HHS) in "final" form in December 2000 (the Privacy Rules). In March, 2002, HHS proposed modifications to the Privacy Rules, which were published on August 14, 2002. The modified final regulations differed from the 2000 regulations in a number of important respects. Most recently, on December 4, 2002, the Office of Civil Rights (OCR), which is charged with enforcement of HIPAA, published "Guidance Explaining Significant Aspects of the Privacy Rule." The Privacy Rules went into effect on April 14, 2003. This article provides a summary of the modified Privacy Rules, discusses some interesting aspects of OCR's "guidance," and highlights the requirements that are most likely to impact the practice of medical genetics.