Skip to main content

HHS: HIPAA Regulations Will Come Next Month

 |  By dnicastro@hcpro.com  
   April 27, 2010

The timing of the release of proposed HIPAA regulations per the HITECH Act became a little more clear this week.

The Department of Health & Human Services (HHS) released its semi-annual regulatory agenda in the Federal Register Monday and wrote that modifications to the HIPAA privacy, security and enforcement rules will be coming in May.

HHS did not detail exactly which proposed rules would be released. But last month, the Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules, said regulations forthcoming include:

  • Business associate (BA) liability
  • New limitations on the sale of personal health information, marketing, and fundraising communications
  • Stronger individual rights to access electronic medical records and restricting the disclosure of certain information

Earlier this month, HHS sent for review regulations per HITECH requirements to the Office of Information and Regulatory Affairs (OIRA), according to privacy and security experts.

OIRA has 90 days to review the regulations, though the head of the submitting agency can extend that time and OIRA may request a one-time 30-day extension, says Jana Aagaard of the Law Office of Jana Aagaard in Carmichael, CA.

The industry has been waiting on rules from OCR concerning HITECH provisions effective February 17. Until this week, nor HHS or OCR had provided any specific timeline on the release of regulations.

Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

Tagged Under:


Get the latest on healthcare leadership in your inbox.