Corporate Compliance

HIPAA/HITECH final rules sent to Office of Management & Budget

Compliance Monitor, April 4, 2012

OCR made the final step before publishing final rules on HIPAA/HITECH, sending its rules to the Office of Management & Budget (OMB) March 24 for a review.

Once OMB completes the review — which can last up to 90 days — the rules will be published. OCR packaged four rules into one under the title, “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules”

The final rules will include:

  • Modifications to the HIPAA Privacy and Security Rules (namely making business associates and subcontractors liable and responsible for security-rule compliance and the use and disclosures provision of the privacy rule)
  • Enforcement (new penalty levels)
  • Breach notification
  • Modifications of the HIPAA Privacy Rule as required by section 105 of the Genetic Information Nondiscrimination Act of 2008

Each rule is required by HITECH, signed into law in 2009 and enhancing privacy and security protections and enforcement.

Read more on HCPro’s HIPAA Update blog.

Most Popular