• E-mail
• Print
• RSS

HHS releases first installment of enforcement rule

HIPAA Weekly Advisor, June 28, 2003

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

The Office for Civil Rights (OCR) encourages voluntary compliance by covered entities, but it can now fine facilities up to $100 for each privacy rule violation, up to $25,000 per year for similar violations of the same requirement.

HHS published the first part of its HIPAA enforcement rule, "Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings," in the April 17 Federal Register.

HHS intends this interim rule to be the first installment of the HIPAA enforcement rule, which will establish requirements for imposing civil money penalties (CMPs). The interim final rule took effect on May 19, 2003, and runs until September 16, 2004. HHS will accept public comments until June 16, 2003.

"[The enforcement rule] sets out the basic procedural requirements the Office for Civil Rights will follow before it imposes CMPs on covered entities who willfully or negligently violate the HIPAA privacy rule," says Tom Jeffry, Jr., Esq. Jeffry is a partner at Davis Wright Tremaine LLP, in Los Angeles, and co-chair of the privacy policy advisory group with the Workgroup for Electronic Data Interchange.

As HHS has stated before, enforcement will be complaint-driven. That could prove more effective than having a yearly HIPAA survey, says Elaine Zacharakis, Esq., legal counsel for Baxter Health Care, in McGaw Park, IL. "I'm surprised how much knowledge there is about HIPAA out there. Because you have patient awareness, they will be demanding privacy. And that's going to generate complaints."

Go to http://www.himinfo.com/news/feature.cfm?content_id=33313 to read more.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive