A senior official with the Office for Civil Rights (OCR) said recently that the enforcer of the HIPAA Privacy and Security Rule plans to release final rules regarding HITECH and HIPAA next year. He stated that they did not know specifically when in 2011 the rules would be released but added they would be published "contemporaneously." OCR's intention is to avoid staggering compliance dates.
The rules to which OCR alluded are breach notification; enforcement; HIPAA HITECH (modifications to Privacy and Security Rules).
They also said that a proposed rule on the accounting of disclosures of EHRs will be released in 2011. HITECH calls for OCR to expand the HIPAA accounting disclosures provision to add treatment, payment, and healthcare operations disclosures when they are through an EHR. HITECH calls on the HHS secretary to balance the interest of individuals who want to learn the information versus the burden on covered entities.
HITECH also calls for "periodic audits" of HIPAA compliance, but federal regulators have yet to announce any details of the plan. When asked about the status of the audit program, OCR said, "That's the $1.5 million question when will this audit program begin, and what are the chances that I'm going to be audited?" OCR does not yet have any more information on those questions.
Stay tuned for future activity on these changes.