The Catholic University of America

Welcome to the HIPAA section of our webpage. This front page will reflect our most current information on HIPAA issues affecting educational institutions.


Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination
Act; Other Modifications to the HIPAA Rules; Final Rule,
78 Fed. Reg. 5565, Jan. 25, 2013.

This final rule is effective on March 26, 2013. Compliance date: Covered entities and business associates must comply with the applicable requirements of this final rule by September 23, 2013. The Final Rule makes business associates of covered entities directly liable for compliance with certain HIPAA Privacy and Security Rule requirements; increases limits on the use or disclosure of protected health information (PHI) for marketing or fundraising purposes; expands individuals’ rights to receive electronic copies of their health information; requires modifications to, and redistribution of a covered entity’s notice of privacy practices; and adopts changes to the HIPAA Enforcement Rule to implement increased and tiered civil monetary penalties enacted by the HITECH Act.

Dangerous Patient: Gudiance Letter January 2013

Letter issued by the U.S. Department of Health and Human Services (HHS) on January 15. The letter, citing 45 CFR § 164.512(j), states that the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule does not prevent the disclosure by a health care provider of necessary information about a patient to law enforcement, family members of the patient, or other persons, when the health care provider believes that a patient presents a serious danger to himself or other people