Health Information Management

State alliance: OCR to release HITECH regs this week

HIM-HIPAA Insider, June 18, 2010

The Office for Civil Rights (OCR) will release proposed rules this week on most of the HIPAA privacy and security-related provisions in HITECH, according to the North Carolina Healthcare Information and Communications Alliance (NCHICA).

After its sixth annual Academic Medical Center Conference in Chapel Hill, NC, June 7-9, the NCHICA sent an e-mail sent to HIPAA Weekly Advisor that reported the HITECH regulations would be released in “about two weeks or around June 26th.”

The information reportedly came from the session, “Meaningful Privacy and Security.” According to the e-mail, the proposed rules will not include accounting for disclosures, which will be the subject of a separate proposed rule.

The proposed rules will also include clarification regarding “willful neglect” (penalty tiers). Currently, that represents the most egregious breach of unsecured PHI and can include a penalty of at least $1.5 million under new HITECH tiers in the enforcement final rule.

The NCHICA also reports state attorneys general (SAG) are “developing training programs, including information for SAG staff, covered entities, and business associates regarding HIPAA requirements and processes for filings with HHS, based on lessons learned from the first AG filing in Connecticut.” Under HITECH, state AGs can pursue lawsuits for HIPAA violations, and Connecticut’s AG was the first to do so.

OCR is expected to begin its HITECH-required compliance audits next year, the alliance reports. OCR’s audits will be outsourced because its resources are limited, according to the e-mail.

“Much remains to be decided,” Susan McAndrew, JD, deputy director for Health Information Privacy, OCR, said in the “Quiz the Regulator” session on June 7, according to the NCHICA e-mail.


Most Popular