HHS Issues Interim Final Rule for HITECH ‘Breach Notification’

U.S. Department of Health and Human Services Secretary, Kathleen Sebelius, has issued the Interim Final Rule for Breach Notification for Unsecured Protected Health Information.  The Interim Final Rule was signed by Secretary Sebelius on August 6, 2009, filed at the Federal Register on Wednesday, August 19, 2009, and will be published on Monday, August 24, 2009, in the Federal Register.  The effective date of the Interim Final Rule will be 30 days after publication, and will cover both covered entities and business associates of covered entities.  Here is the Summary of the Interim Final Rule: “The Department of Health and Human Services (HHS) is issuing this interim final rule with…


HHS Secretary Sebelius Delegates Oversight and Enforcement of HIPAA Security Rule to OCR

U.S. Health and Human Services (HHS) Secretary Kathleen Sebelius has delegated oversight and enforcement of the HIPAA Administrative Simplification Security Rule Standards for Protection of Electronic Protected Health Information to HHS’s Office of Civil Rights (OCR), effective July 27, 2009.  Since October 7, 2003, the Security Rule had been the responsibility of HHS’s Center for Medicare & Medicaid Services (CMS). OCR also has responsibility for the HIPAA Administrative Simplification Privacy Rule.  This delegation brings responsibility for administrative, technical, and physical standards for safeguarding of protected health information in each rule under one authority, and likely will facilitate enforcement of the HITECH Act breach, notification, and business associate security rule compliance…


FTC Posts NPRM on Breach Notification Rule for e-Health Information

On April 17, 2009, the Federal Trade Commission issued a notice of proposed rulemaking that requires vendors of personal health records (PHRs) and related entities, such as non-profit organizations that offer PHRs, to notify individuals when the security of their individually identifiable health information is breached. The NPRM seeks to conform with rules from HHS that safeguard protected health information, but the FTC proposed rule applies to non-HIPAA-covered entities that are not subject to HIPAA privacy and security requirements. Among the many comments the FTC seeks are those identifying entities that would fall under this ruling. We believe this rule will strengthen the trust consumers/patients have in sharing information in their…


What should you expect from your HIPAA Security Official?

HIPAA’s Security Rule requires covered entities to designate one person to be responsible for the development and implementation of policies and procedures that safeguard electronic protected health information. Nearly all organizations implemented measures to manage privacy in oral, written, and electronic media. However, as healthcare organizations and their business associates, inspired by the HITECH Act (stimulus package), respond to forthcoming financial incentives to adopt electronic health record (EHR) software, the need to beef up your security measures grows. So what should you look for in your Security Official? For starters, you need someone who understands clinical and billing workflows, recognizes that in the past some clinicians have communicated with patients via…


American Recovery and Reinvestment Act of 2009

ONE HUNDRED ELEVENTH CONGRESS of the UNITED STATES of AMERICA American Recovery and Reinvestment Act of 2009 Making supplemental appropriations for job preservation and creation, infrastructure investment, energy efficiency and science, assistance to the unemployed, and State and local fiscal stabilization, for the fiscal year ending September 30, 2009, and for other purposes. AGENCY: 111th US Congress. ACTION: Act.

President Obama to Sign ARRA’s HITECH provisions Tuesday, February 17, 2009, in Denver, CO

The Senate joined the House on Friday evening, February 13, 2009, in passing the American Recovery and Reinvestment Act, which includes provisions relating to Health Information Technology. Title XIII of Division A and Title IV of Division B together are known as the “Health Information Technology for Economic and Clinical Health Act” or the “HITECH Act.”  We will be highlighting attributes of the HITECH Act through the end of February. Contrary to the political blather, this legislation is a significant step forward in providing funding and incentives to accelerate adoption of standardized and interoperable electronic business and clinical technologies in healthcare and in strengthening privacy safeguards for patients’ protected health…


Final HIPAA Enforcement Rule

DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the Secretary 45 CFR Parts 160 and 164 | RIN 0991–AB29 HIPAA Administrative Simplification: Enforcement AGENCY: Office of the Secretary, HHS. ACTION: Final rule.