The Office of the National Coordinator for Health Information Technology issued a report May 18 that highlights how it will carry out HIPAA privacy and security regulations in the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Is it merely the same information from HITECH, but said a different way?
Some say the report does not include enough specifics about how the federal government will enforce the new HIPAA laws included in the HITECH portion (Title XIII) of the American Recovery and Reinvestment Act (ARRA) of 2009.
Others call the document "impressive," evidence of a "sea of change" and an effort on behalf of the federal government to carry out its promises to protect patient privacy and enforce HIPAA laws.
"The section on privacy and security really does not provide any new information," says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR. "The deadlines included in the document merely match the statutory requirements from ARRA. The dates listed match the dates HHS is required to promulgate rules, revise existing rules or issue guidance. I'm not very impressed with the document."
However, the HHS document left John C. Parmigiani, president, John C. Parmigiani & Associates, LLC, "impressed" with the effort ONC has taken to plan and be accountable for its oversight activities under ARRA/HITECH.
"While government moves slowly--so don't expect overnight miracles--I absolutely see HITECH as a sea change," says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA, who specializes in HIPAA privacy and security.
According to HHS, the federal government will spend about $24.3 million on privacy and security efforts, including:
Nearly $10 million will do toward Office for Civil Rights (OCR) and CMS audits. The former enforces the HIPAA Privacy Rule, the latter the HIPAA Security Rule.