Health IT Law Blog

Updates to privacy and security regulations expected soon

According to Healthcareinfosecurity.com, the Office of Civil Rights (OCR) is still working on the final rule regarding the updates to HIPAA and the related HIPAA Privacy and Security Rules mandated by the HITECH Act. Susan McAndrew, deputy director for health information privacy at OCR, stated at a conference in Washington, DC, that these changes will be contained in one omnibus regulation, which is expected to be published in a matter of months, if not weeks.

The omnibus regulation will cover:

  • HITECH Act-mandated modifications to the HIPAA privacy, security and enforcement rules. These changes, for example, formalize higher penalties for HIPAA violations and make it clear that business associates must comply with HIPAA. Last December, HHS had indicated in its semi-annual regulatory agenda that the final HIPAA modifications, many of which were issued in preliminary form last year, would be completed by March.
     
  • The breach notification rule. An interim final version is already in effect. OCR yanked a proposed final version of the rule last year for further consideration. Some observers speculated that the office may be reconsidering the controversial "harm standard" in the interim final version of the rule, which enables organizations to conduct a risk assessment to determine whether a security incident represents a significant risk of harm and thus merits reporting.
     
  • Privacy provisions under the Genetic Information Nondiscrimination Act. These provisions will formalize that using genetic information for insurance underwriting purposes is a privacy violation as well as a non-discrimination violation, McAndrew said.

 

Ms. McAndrew also indicated that "a notice of proposed rulemaking revealing a proposal for accounting for disclosures of information in electronic health records 'probably' would be issued before the omnibus set of final regulations. Once that notice is issued, OCR will accept comments before issuing a proposed rule."

"HITECH Mandated Regs Still in Works," Healthcareinfosecurity.com (May 11, 2011).

 
