Health Information Management

HIPAA/HITECH final rules in the hands of the Office of Management & Budget

HIM-HIPAA Insider, April 3, 2012

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

OCR took the final step before publishing final rules on HIPAA/HITECH, sending its rules to the Office of Management & Budget (OMB) March 24 for a review.

Once OMB completes the review—which can last up to 90 days—the rules will be published. OCR packaged four rules into one under the title, “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules”:
 
The final rules will include:
  • Modifications to the HIPAA Privacy and Security Rules (namely making business associates and subcontractors liable and responsible for security-rule compliance and the use and disclosures provision of the Privacy Rule)
  • Enforcement (new penalty levels)
  • Breach notification
  • Modifications of the HIPAA Privacy Rule as required by section 105 of the Genetic Information Nondiscrimination Act of 2008
Each rule is required by HITECH, signed into law in 2009, and enhances privacy and security protections and enforcement.
 
Susan McAndrew, OCR’s deputy director for health information privacy, said at the 20th HIPAA Summit March 26 at the Renaissance Hotel in Washington, DC, that OCR will also publish guidance on business associate contracts, de-identification, and conducting risk assessments to determine breaches.
 
Click here to read more.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular