A senior official with the Office for Civil Rights (OCR)
said recently that the enforcer of the HIPAA Privacy and Security Rule plans to
release final rules regarding HITECH and HIPAA next year. He stated that they
did not know specifically when in 2011 the rules would be released but added
they would be published "contemporaneously." OCR's intention is to
avoid staggering compliance dates.
The rules to which OCR alluded are breach notification;
enforcement; HIPAA HITECH (modifications to Privacy and Security Rules).
They also said that a proposed rule on the accounting of
disclosures of EHRs will be released in 2011. HITECH calls for OCR to expand
the HIPAA accounting disclosures provision to add treatment, payment, and
healthcare operations disclosures when they are through an EHR. HITECH calls on
the HHS secretary to balance the interest of individuals who want to learn the
information versus the burden on covered entities.
HITECH also calls for "periodic audits" of HIPAA
compliance, but federal regulators have yet to announce any details of the
plan. When asked about the status of the audit program, OCR said, "That's
the $1.5 million question when will this audit program begin, and what are the
chances that I'm going to be audited?" OCR does not yet have any more
information on those questions.
Stay tuned for future activity on these changes.