The Department of Health and Human Services will issue a "suite" of guidance to help healthcare providers, business associates and patients better understand how to comply with the HIPAA Omnibus Rule, an HHS attorney says.
"We are trying hard to get guidance out as soon as we can," says Iliana Peters, an attorney at HHS' Office for Civil Rights who worked on the team that crafted the final rule. That way, providers will be better able to comply in time for the Sept. 23 enforcement date for the rule, she notes. The rule went into effect March 26.
Peters, who made her comments April 25 during a panel discussion on HIPAA Omnibus sponsored by Microsoft and consumer advocacy group Patient Privacy Rights, says OCR has been working with other agencies, including the Office of the National Coordinator for Health IT, in developing the guidance.
In recent months, HHS has issued other compliance guidance related to the HITECH Act electronic health record incentive program and HIPAA, including privacy and security tips for mobile devices (see: HHS Offers Mobile Device Security Tips).
Although Peters didn't elaborate on the topics of the guidance, she says it will take into account questions that covered entities, consumers and business associates have asked OCR about the HIPAA Omnibus Rule, which includes extensive security, privacy and breach notification provisions.
During the process of writing the new rule, OCR eliminated some sections "to get it to a manageable size," Peters says. Some material that was cut will be included in the forthcoming guidance, she adds.