Privacy Requirements

May 16, 2002


Have Your HIPAA Privacy Compliance Strategy Defined, Budgeted and Under Way

When extending the compliance deadline for the electronic transactions and code sets regulations, Congress specifically stated that it was not extending the April 14, 2003 compliance date for the privacy regulations. Privacy generally is the most expansive of the HIPAA requirements and has caused the most discussion and concern. Implementing the HIPAA privacy requirements necessitates reviewing and revising practices for use and disclosure of information throughout the organization; contracting with “business associates” who receive or may access protected health information; adopting numerous new policies and procedures required by HIPAA; educating the workforce on these new requirements; and establishing mechanisms to assure ongoing compliance.

In response to the many questions and issues raised after the final privacy rule took effect, HHS issued Guidance in July of 2001. The HHS Guidance clarified several questions, and indicated that some issues would require modification of the regulations. On March 27, 2002, HHS issued a Notice of Proposed Rulemaking proposing several modifications to the privacy rule and seeking comments.

The most significant change proposed is elimination of the requirement that covered health care providers obtain a patient’s advance written consent to use or disclose protected health information for treatment, payment or health care operations. Instead, under the proposed modifications, the provider would be required to make a good faith effort to obtain an individual’s written acknowledgement of receipt of the provider’s notice of privacy practices. Removing the consent requirement would help alleviate logistical problems raised by requiring a consent in advance of using health information, such as scheduling appointments, filling prescriptions, or evaluating potential new patients for a referral or admission.

The proposed modifications do not change the substance or structure of the Privacy Rule.

Neither the elimination of the consent requirement nor the other smaller proposed revisions would fundamentally change the substance or structure of the HIPAA privacy requirements. These proposed changes are generally helpful and serve to fine-tune some of the privacy regulations. They include proposed revisions affecting marketing, research, authorization forms and the designation of “hybrid” entities, among other smaller changes. The HHS proposal also asked for comments concerning an alternative approach to “de-identification,” which would alleviate some problems regarding use of data for quality review and research.

The proposed modifications include a model business associate agreement. Use of this model is optional, however, and many covered entities will choose to include additional provisions for clarity and liability protection. The proposed modifications, if adopted, would also allow up to an additional year for covered entities to amend certain written agreements with business associates.

The proposed privacy modifications should NOT be considered a reason to delay implementation plans and activities.

HHS does not have the authority to delay the April 14, 2003 compliance deadline; only Congress can delay it, and there is no indication that Congress intends to do so. The very extensive nature of the tasks required to implement the privacy regulations – ranging from inventorying existing information practices, to establishing contracts with business associates, to developing numerous policies and procedures, to educating the entire workforce concerning these new policies and requirements – generally will require the full time now remaining before the compliance deadline.

We expect that HHS will finalize the proposed modifications to the privacy requirements by early fall, 2002. It is possible – and necessary – to proceed with privacy implementation by structuring and sequencing implementation tasks to minimize the need for revision once the proposed modifications are finalized. For this purpose, Wiggin & Dana has prepared a detailed analysis of the impact of the proposed modifications on the numerous implementation tasks involved in complying with the privacy regulations. This chart is available on our HIPAA web page www.HIPAA-law.info or through contacting any member of our HIPAA Team.

For further information concerning the privacy requirements, see the HIPAA Summary referenced above, or contact a member of our HIPAA Team.
