In a recent statement, HHS announced that enforcement under the recently HIPAA privacy rule will become tougher. The tougher enforcement of HIPAA is expected to result from both breach complaint investigations, as well as random audits of providers.

The recently released final privacy rule expands the reach of the security and privacy rules. The rule clearly makes “business associates” and subcontractors accountable to virtually the same extent as covered entities.

From September 2009 through the end of 2012, the HIPAA privacy enforcement arm of HHS received 77,200 HIPAA complaints, investigated 27,500 cases, issued 18,600 corrective actions and collected $14.9 million in fines and resolution settlements.

To aid health care providers in complying with the requirements of the new expanded rules, HHS also announced that they will be publishing compliance tools on their website. Already posted is a sample expanded business associate agreement.

The new privacy rules go into effect on March 26, 2013, and the compliance deadline is September 23, 2013. Providers should take action now to determining whether they are HIPAA compliant.