4. I heard that HHS has withdrawn its submittal for government review of the “Breach Notification Final Rule.” Does this mean that our organization can assume that we do not have to make any notifications until HHS resubmits the rule?
That is an incorrect assumption. Read a notice on the HHS website that cites the complexity of the issue and states that “the Administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur.”
In that notice, HHS states that it intends to publish a final rule in the Federal Register in the coming months. HHS clarified to HIMSS that, “the interim final rule continues in full force and effect until a final rulemaking is issued.”
5. Can we really expect that HHS will step up enforcement of HIPAA and the new HITECH requirements?
HITECH contains a number of new laws aimed at tightening enforcement requirements:
- Allows criminal penalties to apply to individuals;
- Provides a new system of civil monetary penalties;
- Modifies distribution of certain civil monetary penalties collected;
- Requires the Secretary to provide for periodic audits of covered entities and business associates;
- Requires HHS to investigate all complaints; and
- Allows State Attorneys General to bring a civil action in federal court on behalf of the residents of their state.
The HIPAA NPRM discussed above contains HHS’ proposed regulations in this area. The intent to step up enforcement, reflected in both the HITECH statutes and the proposed HHS rules, is clear. Whether HHS will have the will and the appropriate resources remains to be seen.




