HIPAA Enforcement Promises, But Lacks Specifics

Dom Nicastro, for HealthLeaders Media , May 22, 2009

The Office of the National Coordinator for Health Information Technology issued a report May 18 that highlights how it will carry out HIPAA privacy and security regulations in the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Is it merely the same information from HITECH, but said a different way?

Some say the report does not include enough specifics about how the federal government will enforce the new HIPAA laws included in the HITECH portion (Title XIII) of the American Recovery and Reinvestment Act (ARRA) of 2009.

Others call the document "impressive," evidence of a "sea of change" and an effort on behalf of the federal government to carry out its promises to protect patient privacy and enforce HIPAA laws.

"The section on privacy and security really does not provide any new information," says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR. "The deadlines included in the document merely match the statutory requirements from ARRA. The dates listed match the dates HHS is required to promulgate rules, revise existing rules or issue guidance. I'm not very impressed with the document."

However, the HHS document left John C. Parmigiani, president, John C. Parmigiani & Associates, LLC, "impressed" with the effort ONC has taken to plan and be accountable for its oversight activities under ARRA/HITECH.

"While government moves slowly--so don't expect overnight miracles--I absolutely see HITECH as a sea change," says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA, who specializes in HIPAA privacy and security.

According to HHS, the federal government will spend about $24.3 million on privacy and security efforts, including:

  • Audits

  • Reports to Congress

  • Training for State Attorneys General

  • Carrying out regulatory and enforcement requirements of the HITECH

Nearly $10 million will do toward Office for Civil Rights (OCR) and CMS audits. The former enforces the HIPAA Privacy Rule, the latter the HIPAA Security Rule.

Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

Comments are moderated. Please be patient.




FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2015 a division of BLR All rights reserved.