Today, the Department of Health and Human Services issued a notice of proposed rulemaking to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy, security, and enforcement regulations regarding protected health information. The proposed modifications were mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which was enacted as part of the American Recovery and Reinvestment Act of 2009.
Comment period will be for 60 days after the NPRM is published in the Federal Registry. Look for that to happen next week. The non final format of the rules can be viewed here.
Notice for Proposed Rulemaking (NPRM)
Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act
AGENCY: Office for Civil Rights, Department of Health and Human Services.
ACTION: Notice of proposed rulemaking.
SUMMARY: The Department of Health and Human Services (HHS or “the Department”) is issuing this notice of proposed rulemaking to modify the Standards for Privacy of Individually Identifiable Health Information (Privacy Rule), the Security Standards for the Protection of Electronic Protected Health Information (Security Rule), and the rules pertaining to Compliance and Investigations, Imposition of Civil Money Penalties, and Procedures for Hearings (Enforcement Rule) issued under the Health
Insurance Portability and Accountability Act of 1996 (HIPAA). The purpose of these modifications is to implement recent statutory amendments under the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act” or “the Act”), to strengthen the privacy and security protection of health information, and to improve the workability and effectiveness of these HIPAA Rules.