HIPAA Enforcement Promises, But Lacks Specifics
The Office of the National Coordinator for Health Information Technology issued a report May 18 that highlights how it will carry out HIPAA privacy and security regulations in the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Is it merely the same information from HITECH, but said a different way?
Some say the report does not include enough specifics about how the federal government will enforce the new HIPAA laws included in the HITECH portion (Title XIII) of the American Recovery and Reinvestment Act (ARRA) of 2009.
Others call the document "impressive," evidence of a "sea of change" and an effort on behalf of the federal government to carry out its promises to protect patient privacy and enforce HIPAA laws.
"The section on privacy and security really does not provide any new information," says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR. "The deadlines included in the document merely match the statutory requirements from ARRA. The dates listed match the dates HHS is required to promulgate rules, revise existing rules or issue guidance. I'm not very impressed with the document."
However, the HHS document left John C. Parmigiani, president, John C. Parmigiani & Associates, LLC, "impressed" with the effort ONC has taken to plan and be accountable for its oversight activities under ARRA/HITECH.
"While government moves slowly--so don't expect overnight miracles--I absolutely see HITECH as a sea change," says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA, who specializes in HIPAA privacy and security.
According to HHS, the federal government will spend about $24.3 million on privacy and security efforts, including:
- Reports to Congress
- Training for State Attorneys General
- Carrying out regulatory and enforcement requirements of the HITECH
Nearly $10 million will do toward Office for Civil Rights (OCR) and CMS audits. The former enforces the HIPAA Privacy Rule, the latter the HIPAA Security Rule.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- CDC Warns of Antibiotic Overuse in Hospitals
- Don't Underestimate Emotional Intelligence
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers
- The Secret to Physician Engagement? It's Not Better Pay
- Care Coordination Tough to Define, Measure
- SCOTUS Review of NC Board Case 'A Very Big Deal' to Providers
- Yale New Haven Health Partners with Tenet Healthcare in CT
- Physicians Take SGR Repeal Message to Washington
- Size Matters in Antibiotic Overuse
- Evidence-Based Practice and Nursing Research: Avoiding Confusion