Proposed Revisions to HIPAA Regulations

The U.S. Department of Health and Human Services (HHS) published on July 14, 2010, a voluminous Notice of Proposed Rulemaking (NPRM), containing dozens of proposed amendments to three sets of Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations: the Privacy Rule; the Security Rule; and the Enforcement Rule. The proposed amendments are directed principally at implementing the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which amended HIPAA and went into effect on February 17, 2010. A careful review of the NPRM for its impact on employers who sponsor HIPAA-covered plans reveals that, if the proposed changes were adopted, employers would be required to revise their business associate agreements, their HIPAA notice of privacy practices, and their policies for responding to access requests. The NPRM also provides employers with a roadmap for avoiding civil monetary penalties. To learn more about the NPRM and its implications for employers, please continue reading Littler's ASAP, What Do Employers with HIPAA-Covered Health Plans Really Need to Know About Recently Proposed Revisions to HIPAA Regulations?, by Philip L. Gordon.

HHS Issues Interim Final Rules Strengthening HIPAA Enforcement

The Department of Health and Human Services (HHS) has published interim final rules that conform the enforcement regulations of the Health Insurance Portability and Accountability Act (HIPAA) to the changes made by the Health Information Technology for Economic and Clinical Health Act (the HITECH Act) regarding the electronic transmission of health information. Signed into law as part of the American Recovery and Reinvestment Act of 2009 (ARRA or "Economic Stimulus"), the HITECH Act, among other things, modified the HHS Secretary's authority to impose civil monetary penalties for violations of HIPAA rules occurring after Feb. 18, 2009. These HITECH Act revisions significantly increase the penalty amounts the Secretary may impose for such violations.

According to an HHS press release, prior to the HITECH Act, the Secretary was limited to imposing fines of $100 for each violation or $25,000 for all identical violations of the same HIPAA provision. The HITECH Act substantially increases these monetary fines by establishing tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical provision. In addition, a covered health care provider, health plan or clearinghouse can no longer bar the imposition of a civil money penalty for an unknown violation unless it corrects the violation within 30 days of discovery. Before HITECH was enacted, a covered entity could bar the Secretary's imposition of a civil money penalty by demonstrating that it did not know that it had violated the HIPAA rules.

HHS seeks comment on, among other topics, the calculation set forth in the interim final rules that determines when the 30-day cure period begins for the purpose of assessing the appropriate penalty tier for violations. In addition, HHS invites comment on the definitions set forth for reasonable cause, reasonable diligence, and willful neglect.

These interim final rules are effective as of November 30, 2009. Comments must be made by December 29, 2009, and can be sent to: U.S. Department of Health and Human Services, Office for Civil Rights, Attention: HIPAA Enforcement Rule IFR (RIN 0991-AB55), Hubert H. Humphrey Building, Room 509F, 200 Independence Avenue, SW, Washington, DC 20201, or via hand delivery to: Office for Civil Rights, Attention: HIPAA Enforcement Rule IFR (RIN 0991-AB55), Hubert H. Humphrey Building, Room 509F, 200 Independence Avenue, SW, Washington, DC 20201. Comments may also be made electronically through the federal eRulemaking Portal: http://www.regulations.gov.