The Department of Health and Human Services (HHS) announced a Request for Information (RFI) regarding how the HIPAA Privacy, Security, and Breach Notification Rules could be modified to reduce regulatory burdens and to improve care coordination, case management, and value-based health care. In addition to opening the door for public comments on current challenges and potential modifications to the HIPAA Rules, the RFI specifically requests feedback on anticipated changes to several specific provisions of the Privacy Rule.
The 2009 HITECH Act mandated that the U.S. Department of Health and Human Services Office for Civil Rights conduct periodic audits of covered entities and business associates for compliance with HIPAA privacy and security requirements. In 2012, OCR conducted a pilot audit program involving 115 covered entities. In February 2014, the agency issued a notice in the Federal Register announcing its plan to survey up to 1,200 covered entities and business associates to select organizations for the next round of HIPAA audits.
Last week the Office of the National Coordinator’s Health IT Policy Committee approved recommendations from its Privacy and Security Tiger Team workgroup to scale back HHS’s proposed accounting of disclosures regulations. The Tiger Team developed its recommendations after months of work, including a September 30 virtual hearing in which the Tiger Team heard testimony from providers, payers, business associates, patient advocates, and other stakeholders.
The Department of Health and Human Services (HHS) just released the highly anticipated final regulations implementing the privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The regulations address: Final modifications to the HIPAA Privacy, Security and Enforcement Rules mandated by the HITECH Act; Final rule adopting changes […]
On November 26, the U.S. Department of Health and Human Services’ Office for Civil Rights released guidance on methods for de-identification of protected health information in keeping with the HIPAA Privacy Rule (as required under the HITECH Act). The guidance answers questions related to each of the permissible de-identification methods – the expert determination […]
A new amendment to California’s security breach notification statute establishes specific content requirements for data breach notifications and imposes a new Attorney General notification requirement for breaches affecting more than 500 California residents.
On May 7, 2010, the Office for Civil Rights (OCR) issued guidance related to the HIPAA Security Rule’s risk analysis requirement.
Hogan & Hartson’s Marcy Wilder will be presenting on "HITECH’s Impact on Business Associate Agreements with Healthcare Providers: Complying With New HIPAA Requirements and Preparing for Touger Enforcement" in a CLE Teleconference on Thursday, September 24, 2009, at 1pm EDT. The Health Information Technology for Economic and Clinical Health Act (HITECH) dramatically expands the scope and […]