From: GovInfoSecurity
Overdue HIPAA Modifications Top the List
By Marianne Kolbasuk McGee
A long-overdue omnibus package that includes HIPAA modifications tops the list of regulations dealing with health data privacy and security issues that are pending for 2013.
Also pending is an accounting of disclosures rule that, in early draft form, called for providing patients, upon request, with reports listing everyone who accessed their electronic health information. Plus, rules for Stage 3 of the HITECH Act electronic health record incentive program, which begins in 2016, are in development.
Leon Rodriguez, director of the Office for Civil Rights, the unit of the Department of Health and Human Services responsible for crafting the omnibus package, said in an early December interview with HealthcareInfoSecurity, “We’re hopeful that we’ll be in a position to issue it soon.” The Office of Management and Budget has been reviewing the regulations since March. OMB review is the final step before a regulation is published.
As proposed, the HIPAA omnibus package includes:
- A final version of the HIPAA breach notification rule. An interim final version has been in effect since September 2009. OCR officials have indicated the final version will include more guidance on when a breach has to be reported.
- Extensive HIPAA modifications, including changes to the privacy, security and enforcement rules. Among the changes: Applying many security requirements to business associates and their subcontractors.
- A rule spelling out that using genetic information for insurance underwriting purposes is a privacy violation, as well as discriminatory, under the Genetic Information Non-Discrimination Act.