HLP reported earlier this week that the failure of OCR to issue HIPAA regulations regarding the implementation of the HITECH Act was likely to lead to a delay in enforcement of the relevant provisions, though no official delay had been announced.
In an update on its website on Wednesday, OCR has eased some confusion by making the delay official:
Although the effective date (February 17, 2010) for many of these HITECH Act provisions has passed, the [Notice of Proposed Rulemaking] (NPRM) and the final rule that follows will provide specific information regarding the expected date of compliance and enforcement of these new requirements.
The provisions affected include:
- business associate liability;
- new limitations on the sale of protected health information, marketing, and fundraising communications; and
- stronger individual rights to access electronic medical records and restrict the disclosure of certain information.
The update goes on to remind providers that regulations have been issued–and are being enforced–regarding enforcement and breach notification.
For more information regarding the HITECH Act and/or HIPAA, please contact Abby Pendleton, Esq. or Jessica L. Gustafson, Esq. at (248) 996-8510.