HLM: OCR to release privacy and security rules in two weeks
Via Health Leaders Media:
OCR will release proposed rules later this month [or 'about two weeks or around June 26th'] on most of the HIPAA privacy and security-related provisions in HITECH, according to the North Carolina Healthcare Information and Communications Alliance (NCHICA).
<...> NCHICA reports the proposed rules will not include accounting for disclosures, which will be the subject of a separate proposed rule. The NPRM will also include clarification regarding "willful neglect" (penalty tiers).
Currently, that represents the most egregious breach of unsecured PHI and can include a penalty of at least $1.5 million under new HITECH tiers in the enforcement final rule.
The state alliance also reports state attorneys general (SAG) are "developing training programs, including information for SAG staff, covered entities and business associates regarding HIPAA requirements and processes for filings with HHS, based on lessons learned from the first AG filing in Connecticut." Under HITECH, state AGs can pursue lawsuits for HIPAA violations, and Connecticut's AG was the first to do so.
OCR is expected to begin its HITECH-required compliance audits next year, the alliance reports. OCR's audits will be outsourced because its resources are limited, according to the e-mail.
"Much remains to be decided," Susan McAndrew, JD, deputy director for Health Information Privacy, for OCR, said in the "Quiz the Regulator" session on June 7.
"State Alliance: Proposed HITECH Regulations Coming in Two Weeks," Health Leaders Media (June 15, 2010).
