HHS Issues Proposed Rule on HITECH Act

Wednesday, July 07, 2010

On Thursday, July 8, 2010, the Department of Health and Human Services (HHS) released an advance copy of the Notice of Proposed Rulemaking (NPRM) on changes to the HIPAA Privacy, Security and Enforcement Regulations due to the HITECH Act, which was passed as part of ARRA in February 2009.

 

The NPRM makes changes required by the HITECH Act to the existing Regulations, some of which had not changed since 2002. They include the expanded obligations of Business Associates, new limitations on uses and disclosures, expanded individual rights to access Protected Health Information (PHI), and new changes to the Notice of Privacy Practices (NPP). The NPP must contain the following changes: (1) notice that the sale of PHI requires the express written individual authorization; (2) a separate statement if the covered entity receives payment from a third party to send treatment communications to an individual about that party’s products or services, and the right to elect not to receive such communications; and (3) the right to restrict PHI disclosures to a health plan for expenses that an individual has paid out-of- pocket in full.

 

HHS recognized that covered entities and business associates cannot realistically comply with the rule until they are finalized. As a result, HHS has provided a 180-day compliance period in which these entities can come into compliance. The compliance period starts on the day that HHS issues the Final Rule. That means that entities have a good amount of preparation and planning time before these rules are enforced. Entities will also have a one-year transition period in which to amend Business Associate Agreements. The transition period also starts on the day that HHS issues the Final Rule. A 60-day comment period allows for all interested parties to provide feedback on the NPRM before HHS issues the Final Rule.

 

“While health information technology will help America move its health care system forward, the privacy and security of personal health data is at the core of all our work,” said HHS Secretary Kathleen Sebelius.

 

Infinisource is currently conducting an extensive review of the NPRM and what changes will need to be made to our HIPAA Solved product. A copy of the NPRM is available at: www.ofr.gov/OFRUpload/OFRData/2010-16718_PI.pdf.

 

Manage your account

Employer/Client

» COBRA Login
» FSA/HRA Login
» NDT Login

Employee/Participant

» Continuation Coverage
» FSA/HRA Login
» HSA Login

Agents

» Agent Resource
Center Login
Our Company
Our Company
Company Information
Mission Statement
Community Involvement
Executive Team
Executive Team
Careers
Careers
Infinisource News / Events
Infinisource News / Events
2010 News Releases
2009 News Releases
2008 News Releases
2006 News Releases
News and Review
News and Review
News By Topic
BenefitsChallenge
News & Review Sign-up
RSS Sign-up
Benefit Resources
Benefit Resources
Benefit Laws, Regulations
Benefit White Papers
COBRA Case Law
COBRA Checklist
COBRA Quiz
Comparison
FSA Employee Calculator
FSA Employer Calculator
Glossary of Terms
Published Articles
Contact Us
Contact Us
Client Survey
Client Survey

Quick Links

» Product Overview

» News & Review

» Client Survey