Posts Categorized: HIPAA Privacy & Security

HIPAA Privacy Rules Sent to OMB

in HIPAA Privacy & Security

The Office of Civil Rights (OCR) announced today that it has sent the final HIPAA privacy and security rule to OMB for review.  This review is expected to take 90 days after which time it likely will be released as final.  OCR has said that the final rule will include the : Breach notification rules; HIPAA enforcement rules; Rules implementing HIPAA privacy and security changes that were mandated in the Health Information Technology for Economic and Clinical Health (HITECH) Act; and Rules implementing HIPAA changes mandated in the Genetic Information Nondiscrimination Act.

HIPAA Privacy Update

in Health Benefits, HIPAA Privacy & Security

 Many of you have inquired about the status of the final HIPAA regulations under HITECH.  Recently, the head of OCR announced that the final rule could be out by the end of the year, but may be pushed to early 2012.  The package will include a number of outstanding regulation projects, including the final HITECH regulations, the final HIPAA enforcement rule, the final breach notification rule and the final GINA rule.  Once the final package is released, covered entities will have 180 days to comply with the new notice, policy and procedure and other requirements.  However, changes to existing business… Continue Reading

OCR Meeting

in HIPAA Privacy & Security

Today, along with my colleagues of the ABA Joint Committee of Employee Benefits, I met with the HHS Office of Civil Rights.  OCR is responsible for setting and enforcing the standards for covered entities and business associates under the HIPAA privacy and security rules.  Some very good questions (and hopefully good answers) were discussed at today’s meeting.  The written questions and answers should be out sometime in July on the JCEB website, and I will post a link when that occurs.

HIPAA Privacy Fines

in HIPAA Privacy & Security

By this time I’m certain you have seen enough Legal Alerts regarding the HIPAA privacy monetary fines that you could wallpaper your living room.  I know I certainly have.  But, does anyone honestly think that the fines were not warranted?  HHS really choose the most egregious violations (access violations and loss of records).  The access violation fine was compounded by an uncooperative covered entity.  HHS did not fine the covered entities for not having proper notices or not having proper written policies.  Rather, HHS choose the most basic of HIPAA privacy rights.  If anything these cases show that covered entities… Continue Reading