The deadline for the final rule on modifications to HIPAA privacy, security, and enforcement rules is March, The Department of Health and Human Services (HHS) writes in its semi-annual regulatory update—published last month in the Federal Register.
This is the most specific timeline federal officials have given regarding HIPAA and HITECH rules in limbo. In December, a senior official with the Office for Civil Rights (OCR) said the HIPAA privacy and security rule enforcer plans to release final rules regarding HITECH and HIPAA "in 2011."
Adam H. Greene, senior health information technology and privacy specialist at OCR, told an audience at the "2010 ONC Update" that he did not know a specific time of 2011 the rules would be released but added they would be published "contemporaneously." OCR's intention is to avoid staggering compliance dates.
The rules to which Greene alluded are:
- Breach notification
- HIPAA HITECH (modifications to privacy and security rules)
Greene also said a proposed rule on accounting of disclosures of EHRs will be released in 2011. HITECH calls for OCR to expand the HIPAA accounting disclosures provision to add treatment, payment, and healthcare operations disclosures when they're through an EHR. HITECH calls on the HHS secretary to balance the interest of individuals who want to learn the information versus the burden on covered entities.