Health Information Management

ONC says HIPAA mega rule out by end of summer

HIM-HIPAA Insider, June 12, 2012

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

The national coordinator for health information technology says the HIPAA mega rule including modifications to the privacy and security rule, breach notification and enforcement should be published by the end of summer, HealthData Management reported June 6.

Farzad Mostashari made the announcement during the opening keynote of the Health Privacy Summit in Washington, D.C.
OCR made the final step in March before publishing final rules on HIPAA/HITECH, sending its rules to the Office of Management & Budget (OMB) March 24 for a review.
Once OMB completes the review — which can last up to 90 days — the rules will be published. OCR packaged four rules into one under the title, “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules.” The final rules will include:
  • Modifications to the HIPAA Privacy and Security Rules (namely making business associates and subcontractors liable and responsible for security-rule compliance and the use and disclosures provision of the privacy rule)
  • Enforcement (new penalty levels)
  • Breach notification
  • Modifications of the HIPAA Privacy Rule as required by section 105 of the Genetic Information Nondiscrimination Act of 2008
Each rule is required by HITECH, signed into law in 2009 and enhancing privacy and security protections and enforcement.
Susan McAndrew, OCR’s deputy director for health information privacy, said at the 20th HIPAA Summit March 26 at the Renaissance Hotel in Washington, DC, that OCR will also publish guidance on business associate contracts, de-identification, and conducting risk assessments to determine breaches.
For the latest HIPAA news and information, visit the HIPAA Update blog.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular