Health Information Management

Proposed HITECH rule for business associates will come soon, says OCR lawyer

HIM-HIPAA Insider, March 8, 2010

The HIPAA privacy and security enforcer will release a proposed rule regarding business associate (BA) provisions in HITECH “shortly,” according to Adam H. Greene, Office of the General Counsel for OCR.

In an e-mail to HIPAA Update, Greene wrote that OCR’s rulemaking will elaborate on the expected date of compliance surrounding the rule.

Per HITECH, BAs must comply with the HIPAA Security Rule and the use and disclosure provisions of the privacy rule and enter into an updated agreement with their covered entities.

However, a lawyer blogged last month that Greene said OCR would delay enforcement of some BA provisions until OCR publishes final rules addressing those provisions.

OCR has responded to Greene’s statements at the American Bar Association’s 11th Annual Conference on Emerging Issues in Healthcare Law.

Mike Robinson of HHS News, which handles media inquiries for OCR, wrote in an e-mail to HIPAA Update that covered entities and BAs must comply with published rules—including the interim final rule on breach notification. OCR also published an interim final rule on enforcement, which includes greater civil and monetary penalties.

For the full story, please visit HIPAA Update.

Most Popular