HIPAA Privacy Update

Many of you have inquired about the status of the final HIPAA regulations under HITECH.  Recently, the head of OCR announced that the final rule could be out by the end of the year, but may be pushed to early 2012.  The package will include a number of outstanding regulation projects, including the final HITECH regulations, the final HIPAA enforcement rule, the final breach notification rule and the final GINA rule.  Once the final package is released, covered entities will have 180 days to comply with the new notice, policy and procedure and other requirements.  However, changes to existing business associate agreements will be given up to an extra year to comply. 

 OCR also issued proposed accounting rules earlier this year.  OCR does not expect to include the accounting rules in the final regulation package discussed above. 

 You should note that these final regulations come at a time when OCR’s audit and enforcement activity is at an all time high.  Year over year, OCR has a 200% increase in opened cases and a 900% increase in corrective actions obtained as a result of those opened cases.

Latest Thinking

View more Insights
Insights Center
Knowledge assets are defined in the study as confidential information critical to the development, performance and marketing of a company’s core business, other than personal information that would trigger notice requirements under law. For example,
The new study shows dramatic increases in threats and awareness of threats to these “crown jewels,” as well as dramatic improvements in addressing those threats by the highest performing organizations. Awareness of the risk to knowledge assets increased as more respondents acknowledged that their