FTC Delays Enforcement of FTC Red Flags Rule Fifth Time

The original FTC Red Flags Rule compliance date deadline was extended three times from the original date of November 1, 2008, with an expected compliance date of November 1, 2009.  Just prior to that date, the FTC extended for the fourth time the deadline for compliance to June 1, 2010.  On May 28, 2010, the June 1, 2010, compliance date was extended a fifth time to December 31, 2010[1]: “At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the ‘Red Flags’ Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule.  Today’s…

READ MORE

Today, February 17, Business Associates Must be in Compliance with HIPAA Security Rule

Today, Wednesday, February 17, 2010, Business Associates of Covered Entities must be able to demonstrate that they are in compliance with administrative, physical, and technical safeguards of the HIPAA Security Rule, as required by the HITECH Act, enacted one year ago today as part of the American Recovery and Reinvestment Act of 2009.  In addition, Business Associate Agreements must be rewritten or amended to specifically require a Business Associate’s compliance with the Security Rule as part of its “satisfactory assurances.”  Financial penalties for noncompliance discovered during a compliance audit or complaint investigation could be severe, especially for willful neglect. Here are the appropriate authorities: Section 13401 of Part 1 (Improved…

READ MORE

HHS Issues Interim Final Rule for HITECH ‘Breach Notification’

U.S. Department of Health and Human Services Secretary, Kathleen Sebelius, has issued the Interim Final Rule for Breach Notification for Unsecured Protected Health Information.  The Interim Final Rule was signed by Secretary Sebelius on August 6, 2009, filed at the Federal Register on Wednesday, August 19, 2009, and will be published on Monday, August 24, 2009, in the Federal Register.  The effective date of the Interim Final Rule will be 30 days after publication, and will cover both covered entities and business associates of covered entities.  Here is the Summary of the Interim Final Rule: “The Department of Health and Human Services (HHS) is issuing this interim final rule with…

READ MORE

HHS Secretary Delegates to ONC Head New HITECH Act Authority

Effective August 7, 2009, and published in the Federal Register on Tuesday, August 18, 2009, Secretary Kathleen Sebelius of the U.S. Department of Health and Human Services (HHS) has delegated authority to the National Coordinator for Health Information Technology, David Blumenthal, M.D., to administer “Subtitle B, ‘Incentives for the Use of health Information Technology,’ sections 3011 through 3017, with the exception of 3012(c)(5), the Financial Support subsection.”  These sections and titles, which appear on pages 132-144 of the American Recovery and Reinvestment Act of 2009 (ARRA), signed by President Obama on February 17, 2009, available on the hipaa.com site, include: 3011 Immediate Funding to Strengthen the Health Information Technology Infrastructure,…

READ MORE

5010/D.0 Effective Date Tuesday, March 17, 2009; Compliance Date January 1, 2012

The version modification to the HIPAA Administrative Simplification transaction standards becomes effective Tuesday, March 17, 2009. Here are several critical things to know, drawn directly from the final rule published in the Federal Register on January 16, 2009. The final rule is available for download on the HIPAA.com site. Effective Date: The effective date [March 17, 2009] is the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted. [74 Federal Register 3302] Compliance Date: On January 1, 2012, all covered entities will have reached Level 2 compliance, and must be fully compliant in using Versions 5010 and D.0…

READ MORE

One Week from Today: 5010/D.0 Final Rule Effective Date

They’re coming: the Ides of March (the 14th); NCAA Basketball Tournament Announcement (the 15th); St. Patrick’s Day (the 17th); and 5010/D.0 Final Rule Effective Date (the 17th). If you are a covered entity, Level 1 testing begins Tuesday, March 17, 2009. Here are five things you need to do to start. Conduct a Gap Analysis. What do I need to do to become compliant on January 1, 2012? That date sounds far off, but it will be here before you know it. Unlike previous transaction contingency periods for covered entities and their trading partners, HHS has indicated that there will be no tolerance for those not ready. Read the final…

READ MORE

Is Your Covered Entity Preparing for 5010/D.0 Testing? Part 2: Level 2 Testing

On March 17, 2009, the Final Rules for Modifications to the Health Insurance Portability and Accountability Act (HIPAA) become effective. HIPAA.com has available for download the final rules for 5010/D.0 as published in the Federal Register on January 16, 2009 (pp.3295-3328). The effective date is “the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted.” [p.3302]. All covered entities are to be in compliance with 5010/D.0 on January 1, 2012. Testing can occur “from the date of the final rule until the compliance date for Versions 5010 and D.0.” [p. 3306] The Final Rules outline two levels of…

READ MORE

Effective Dates for Modified HIPAA Administrative Simplification Transaction and Code Set Rules Coming in March

In less than three weeks, HIPAA Version 5010/D.0 transaction and ICD-10 code set rules become effective, and the clock starts running on testing in preparation for compliance several years hence. Next Monday, March 2, 2009, HIPAA.com will outline Level 1 testing requirements and opportunities for the 5010/D.0 transaction rule, and on Tuesday, March 3, 2009, outline testing requirements for ICD-10. Sign up for HIPAA.com email reminders for these and other HIPAA Administrative Simplification standards postings, as well as postings relating to the new Health Information Technology for Economic and Clinical Health Act and Medicare and Medicaid Health Information Technology (“HITECH Act”) provisions of the American Recovery and Reinvestment Act (“ARRA”)…

READ MORE