Health Insurance Portability and Accountability Act of 1996

2 amendments tracked · Side-by-side comparison of previous and amended text

February 17, 2009

HITECH Act strengthened HIPAA enforcement, required breach notification, and extended privacy rules to business associates.

Previous

Covered entities must safeguard protected health information. Business associates are bound by contractual obligations but not directly subject to HIPAA penalties.

Amended

Business associates are directly subject to HIPAA security and privacy requirements and penalties. Covered entities and business associates must provide notification of breaches of unsecured protected health information within 60 days.

January 25, 2013

HIPAA Omnibus Rule updated privacy and security standards and increased penalty tiers for violations.

Previous

Civil penalties for HIPAA violations range up to $100 per violation with an annual maximum of $25,000 per provision.

Amended

Civil penalties are structured in four tiers based on the level of culpability, ranging from $100 to $50,000 per violation, with an annual maximum of $1.5 million per provision.