2024 HIPAA Regulation Changes Require Action by Covered Entities and Business Associates


2024 HIPAA Regulation Changes

Here’s what’s new:

The 2024 HIPAA Privacy Rule, which went into effect on June 25, 2024, is intended to “strengthen privacy protections for highly sensitive PHI about the reproductive health care of an individual, and directly advances the purposes of HIPAA by setting minimum protections for PHI and providing peace of mind that is essential to individuals’ ability to obtain lawful reproductive health care.” The 2024 HIPAA Privacy Rule defines “reproductive health care” as “health care … that affects the health of an individual in matters relating to the reproductive system and its functions and processes.” To view the final rule, please visit: https://www.hhs.gov/sites/default/files/hipaa-privacy-rule-support-reproductive-health-care-privacy.pdf

What do employers need to do next?

Both self-funded group health plans and fully insured group health plans that have access to PHI must comply with the Final Rule. The sponsor of a self-insured health plan (which includes FSAs and most HRAs in addition to Health, Dental, Vision, Wellness and EAP) is responsible for HIPAA compliance even where most of the plan administration is contracted to a third party. Compliance with this new HIPAA Final Rule is required by Dec. 23, 2024, except with respect to the revised NPP (Notice of Privacy Practices), which is required by Feb. 16, 2026.

Action items for employer plan sponsors include:

  • Revise HIPAA policies and procedures manual.
  • Revise operational workflow to respond to requests for PHI potentially related to reproductive healthcare, including who will determine whether the request is for a prohibited purpose.
    • Develop a process for obtaining (and retaining) a written attestation when a request for PHI potentially related to reproductive healthcare is received, including which vendor will handle it and when legal counsel should be involved.
  • Provide updated HIPAA training to relevant workforce members.
  • Review health plan documents for changes to the HIPAA privacy rule and the Part 2 rules (Confidentiality of Substance Use Disorder (SUD) issued February 8, 2024) and determine whether a plan amendment is required.
  • Review plan member communications to ensure HIPAA references are accurate and up to date.
  • Consider developing (or discuss developing with plan administrators) a procedure for identifying and tracking PHI potentially related to reproductive healthcare, which could be instrumental in responding to requests for PHI.
  • Prepare to update and distribute the NPP, as required by February 16, 2026.

BASIC has a solution for you!

BASIC offers compliance solutions developed by industry experts, including HIPAA Compliance! We recommend that all BASIC FSA/HRA clients with self-funded plans consider adding BASIC HIPAA Compliance to make sure your organization is compliant with changing regulations, whenever they occur. Request a proposal today!

Not a BASIC FSA or HRA client? We can still help! BASIC HIPAA Compliance is available as a standalone service, too. Request a proposal today!

BASIC HIPAA Service for Compliance

BASIC’s HIPAA Compliance service covers every aspect of legal compliance, from providing all required documents to proactive training for all staff involved with the handling of PHI. Eliminate the guesswork from compliance and documentation and receive access to a compliance expert to assist with client HIPAA questions. Stop worrying about constantly changing legal requirements and leave it to BASIC. Don’t wait to protect your organization. Request a proposal today!