The new HIPAA Rule that we have been anticipating is finally going to be released.
The national coordinator for health information technology says the HIPAA "mega rule" should be published by the end of summer.
The Mega Rule includes modifications to the following:
- Privacy and security rule,
- breach notification and
- enforcement
OCR made the final step in March before publishing the final rules on HIPAA/HITECH, sending its rules to the Office of Management & Budget (OMB) on March 24 for a review.
OMB will complete a 90-day review before the rules will be published. OCR packaged four rules into one under the title, "Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules."
The final rules will include the following:
- Modifications to the HIPAA Privacy and Security Rules (namely making business associates and subcontractors liable and responsible for security-rule compliance and the use and disclosures provision of the privacy rule)
- Enforcement (new penalty levels)
- Breach notification
- Modifications of the HIPAA Privacy Rule as required by section 105 of the Genetic Information Nondiscrimination Act of 2008
Each rule is required by HITECH, signed into law in 2009, and enhances privacy and security protections and enforcement.
We will keep you informed about these major changes to HIPAA and HIPAA HITECH.