
Finally, HIPAA/HITECH Act Privacy, Security, Breach Notification, Enforcement Final Rules at OMB

March 24, 2012 | American Recovery and Reinvestment Act, Enforcement, GINA, Health IT and HITECH, HIPAA Law, Privacy, Security

March 24, 2012.   Today, the Office of Information and Regulatory Affairs at the Office of Management and Budget (OMB) in the Executive Office of the President showed that it had received the much-delayed Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Final Rules entitled:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (RIN:  0945-AA03). Following review by OMB, the rules will be published in the Federal Register, most likely in April if OMB’s review is timely.

The Abstract of the Rules reads:  “The Department of Health and Human Services Office for Civil Rights will issue final rules to modify the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules as necessary to implement the privacy, security, enforcement, and breach notification provisions of Subtitle D of the Health Information Technology for Economic and Clinical Health Act (Title XIII of the American Recovery and Reinvestment Act of 2009), and will modify the HIPAA Privacy Rule as required by section 105 of the Genetic Information Nondiscrimination Act [GINA] of 2008.”

For the provisions of the HITECH Act underpinning the modifications, see Subtitle D (123 STAT. 258-279) and for the provisions underpinning GINA, see 42 USC 1320d-9.

As we have reported in previous postings, OCR privacy and security audits are underway, and privacy and security breaches impacting 500 or more individuals, required to be publicly disclosed on OCR’s Web site, continue to grow. As of today, 409 breaches have impacted 19,168,745 individuals from September 22, 2009 through February 11, 2012.  About 18.5 percent of all of those breaches involve business associates, who will be required to implement the HIPAA Security Rule just as covered entities are required under HIPAA today. About 60 percent of all of those breaches involve electronic devices or media.  Over 91 percent of theft and losses of electronic devices or media involve laptops or other portable electronic devices.  Presumably, with compliance audits and significantly increased financial penalties for non-compliance, release now of the modified Final Rules will heighten attention by covered entities to achieve privacy and security compliance and to avoid a privacy or security breach by encrypting protected health information (PHI) on laptops and other portable electronic devices (e.g., smart phones and tablets).

HIPAA.com will have a series of postings on these Final Rules beginning when they are published in the Federal Register.
