OCR may delay enforcement of business associate provisions in the HITECH Act

Posted on February 23, 2010 by Steve Fox and Vadim Schick

Pursuant to the HITECH Act, on February 17, 2010, business associates of covered entities became subject to the HIPAA Privacy and Security Rules, including provisions regarding implementation of various safeguards to secure protected health information.  As Steve Fox pointed out in a recent report on the subject by the Pittsburgh Business Journal, it is highly unlikely that most companies are ready to comply with these dramatic changes.

However, according to Hunton & Williams's privacy blog, Adam Greene of the HHS Office of Civil Rights (OCR) stated at an ABA conference on February 18, 2010, that OCR will delay enforcement of this provision of the HITECH Act until the relevant regulations are finalized.  OCR itself did not publish a press release on the subject, and we were unable to reach Mr. Greene for comment.

Regardless of OCR's intent to enforce compliance, the business associate provisions in the HITECH Act went into effect last week.  We would strongly encourage all covered entities and business associates to take all necessary actions to comply with the new law.

"Privacy policies over electronic health records expand reach," Pittsburgh Business Journal (February 19, 2010).

"HHS Delays Enforcement of HITECH Act Business Associate Provisions," Privacy & Information Security Law Blog (February 19, 2010).

 

 

Tags: , , , , , , , , , , , , , , ,
Trackbacks (0) Links to blogs that reference this article Trackback URL
http://www.healthitlawblog.com/admin/trackback/185538
Comments (0) Read through and enter the discussion with the form at the end
Post A Comment / Question Use this form to add a comment to this entry.







Remember personal info?
Send To A Friend Use this form to send this entry to a friend via email.