|
ONC Releases Final Rule for Temporary HIT Certification ProgramOn Friday afternoon, June 18, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) released the final rule: Establishment of the Temporary Certification Program for Health Information Technology. The final rule can be viewed in portable document format (pdf) online at: www.federalreigster.gov/OFRUpload/OFRData/2010-14999_PI.pdf. The final rule will be published in the Federal Register, most likely next week, and will be effective upon date of publication. This temporary certification program will cover testing and certification of EHR technology that will be eligible for the Medicare and Medicaid financial incentive programs relating to meaningful use of such technology that was authorized under the HITECH Act. |
|
|
Final Rule on EHR Certification Programs ImminentThe Office of Management and Budget (OMB) completed its review of the Proposed Establishment of Certification Programs for Health Information Technology final rule on June 14, 2010, so publication in the Federal Register is imminent. This final rule explains the proposed establishment of certification programs for voluntary certification of health information technology, as specified in section 3001(c)(5) of the HITECH Act, which is available on the hipaa.com site. This final rule is a follow-on to the proposed rule of the same title that was published in the Federal Register on March 10, 2010 (75 Federal Register 11327-11373). |
|
|
Reported Breaches of 500 or More Individuals up to 93 and Affecting Over 2.5 Million Individuals; Enforcement and PenaltiesAs of Friday, June 4, 2010, 93 breaches affecting 500 or more individuals have been reported on the Office for Civil Rights (OCR) Web site. The total number affected has gone beyond 2-1/2 million individuals today, and stands at 2,565,352 individuals. Of the 87 breaches involving breach of hard copy or electronic protected health information, 26% involve hard copy or paper records and 74% records on electronic media or devices. Overall, 71% of the 93 breaches involve theft or loss of records, many of which might have been avoided by appropriate securing of hard copy records and electronic media and devices. Below we remind readers of the Department of Health and Human Services (HHS) enforcement efforts for violations of the HIPAA Privacy and Security rules, and the increased penalty structure for violations of those rules and the HITECH Act Breach Notification Rule. |
|
|
OCR Stepping Up HIPAA Security EnforcementHealth Data Management (HDM) reported today, May 12, that the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) is going to strengthen HIPAA Security Rule enforcement, based on statements made on Tuesday, May 11 by the OCR Deputy Director for Privacy. These reported statements comes several days after OCR’s release on May 7 of its Draft Security Rule Guidance on Risk Analysis, the first in a series of guidances on security, that hipaa.com posted earlier today, and precedes the likely release later this month of the Notice of Proposed Rulemaking (NPRM): Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act. |
|
|
Prison Time for Privacy Breach of PHI; OCR Breach List Continues to Grow; More Training NeededHDM Daily reported on April 29, 2010, a four month federal prison sentence for a HIPAA privacy violation. On the same day, OCR at HHS reported on its Web site 67 entities that have reported breaches affecting 500 or more individuals since the breach notification rule became effective. HIPAA.com believes that these two reports illustrate the need for more privacy and security training, and invite readers to sign up on the hipaa.com Web site for more information in May about training from HIPAA School. |
|
|
HHS’ ONC Releases Proposed Rule for Temporary and Permanent HIT Certification ProgramsOn Wednesday, March 10, 2010, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register the Proposed Rule (NPRM) for Proposed Establishment of Certification Programs for Health Information Technology. [75 Federal Register 11327-11373] We present the summary of the NPRM. |
|
|
OCR Identifies 36 Entities with Breaches Affecting 500 or More IndividualsOn Monday, February 22, 2010, the federal government, through the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS), began enforcing the Breach Notification Rule for breaches occurring on or after that date. The Breach Notification for Unsecured Protected Health Information; Interim Final Rule, was published in the Federal Register on Monday, August 24, 2009 [74 FR 42739-42770] and was effective September 23, 2009. Since September 22, 2009, 36 breaches affecting 500 or more individuals have been reported to OCR. The total number of individuals affected was 1,073,657, with two of the breaches involving 359,000 (FL) and 500,000 (TN), as reported. |
|
|
Today, February 17, Business Associates Must be in Compliance with HIPAA Security RuleToday, Wednesday, February 17, 2010, Business Associates of Covered Entities must be able to demonstrate that they are in compliance with administrative, physical, and technical safeguards of the HIPAA Security Rule, as required by the HITECH Act, enacted one year ago today as part of the American Recovery and Reinvestment Act of 2009. In addition, Business Associate Agreements must be rewritten or amended to specifically require a Business Associate’s compliance with the Security Rule as part of its “satisfactory assurances.” Financial penalties for noncompliance discovered during a compliance audit or complaint investigation could be severe, especially for willful neglect. |
Syndicate this site
Sign up for email updates
Follow HIPAA.com on Twitter
