HIPAA Update: Comment Period OpensSept. 13 is the Deadline for Feedback on Proposed Revamp A proposal to significantly revamp the HIPAA privacy, security and enforcement rules has been posted on the Federal Register, and regulators are accepting comments until Sept. 13.
The notice of proposed rulemaking is called: "Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act."
The proposal would extend the applicability of many of the HIPAA privacy and security rules' requirements to business associates and their subcontractors. These companies provide services to "covered entities," such as hospitals, clinics and insurers, and have access to protected health information.
The proposal also would create guidelines for giving patients improved access to their records. For example, if a healthcare organization maintains electronic records, it would have to offer electronic copies to patients upon request.
The HITECH Act designated the HHS Office for Civil Rights to enforce the HIPAA privacy and security rules. The notice of proposed rulemaking also outlines in great detail the legal definitions of violations and formalizes the higher penalties, of up to $1.5 million in a year, called for under HITECH.