Final HIPAA privacy and security regulations issued by the U.S. Department of Health and Human Services will require action by group health plan sponsors by September 2013. According to an employee benefits blog issued by McDermott Will & Emory, the final rule largely adopts the proposed HITECH regulations with some additional expansions and clarifications, adopts revised breach notification rules, adopts a revised penalty structure for covered entities and business associates that violate HIPAA privacy and security rules, and incorporates protections required by the Genetic Information Nondiscrimination Act (GINA).
You can find information about The Genetic Information Nondiscrimination Act of 2008 (GINA), in a blog post of mine written in late 2009. Local healthcare attorney Jennifer Stiller guest blogged here and here in early 2010 about the HITECH and new privacy regulations. And now, finally, we have final regulations. You can read additional details in the excellent article written by Amy M. Gordon and Jamie A. Weyeneth of McDermott Will & Emory.