The timing of the release of proposed HIPAA regulations per the HITECH Act became a little more clear this week.
The Department of Health & Human Services (HHS) released its semi-annual regulatory agenda in the Federal Register Monday and wrote that modifications to the HIPAA privacy, security and enforcement rules will be coming in May.
HHS did not detail exactly which proposed rules would be released. But last month, the Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules, said regulations forthcoming include:
Earlier this month, HHS sent for review regulations per HITECH requirements to the Office of Information and Regulatory Affairs (OIRA), according to privacy and security experts.
OIRA has 90 days to review the regulations, though the head of the submitting agency can extend that time and OIRA may request a one-time 30-day extension, says Jana Aagaard of the Law Office of Jana Aagaard in Carmichael, CA.
The industry has been waiting on rules from OCR concerning HITECH provisions effective February 17. Until this week, nor HHS or OCR had provided any specific timeline on the release of regulations.