It's only been a few days since the Office of the National Coordinator for Health Information Technology issued a report explaining how it would meet new HIPAA privacy and security rules specified in the stimulus package.
Experts argue whether the new report, which spells out plans for complying with a stimulus act section known as High Information Technology for Economic and Clinical Health (HITECH), actually says anything novel. Some argue that deadlines for action spelled out in the document just match those in the stimulus plan, while others see the plans as a good first step.
Be that as it may, HHS has said that it will spend about $24.3 million on new privacy and security efforts, including carrying out regulatory and enforcement requirements of HITECH and training for state attorneys general, audits and reports to Congress.
New HIPAA provisions include language broadening privacy rules and penalties to include business associates; clarify that HIPAA's criminal sanctions apply to employees or other individuals that wrongfully use or access PHI held by a covered entity; prohibit sales of PHI without prior consent; and allow state attorneys general to bring civil damages actions.
The question is whether any of these actions do much to step up HIPAA enforcement. After all, to date, vanishingly few HIPAA investigations have actually taken place. The question, it seems, is whether HHS will make use of the tools it has, much less new ones.
By Anne Zieger
Tuesday, May 26, 2009
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment