Changes to the HIPAA Enforcement Rule -
Background: On October 30, 2009, HHS issued an interim final rule revising the Enforcement Rule to incorporate provisions of the HITECH Act. The NPRM then proposed a number of additional modifications to the Enforcement Rule, and the Final Rule adopts several of these modifications to implement HITECH Act requirements that the interim final rule did not address or adopt.
Modifications: The Final Rule implements provisions regarding enforcement of noncompliance due to willful neglect. The Final Rule requires the Secretary to formally investigate complaints indicating violations due to willful neglect and requires that the Secretary conduct a compliance review to determine whether a Business Associate is in compliance when a preliminary review of facts indicates a possible violation. The Final Rule provides the Secretary with discretion (and removes the former mandate) to resolve investigations or compliance reviews indicating noncompliance by informal means. In addition, the Final Rule requires the imposition of civil money penalties upon finding violations due to willful neglect.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.
Topics: Business Associates, Compliance, Data Breach, Data Protection, Enforcement, GINA, Healthcare, Healthcare Professionals, HHS, HIPAA, HITECH, Notice Requirements, OCR, Penalties, Privacy Rule
Published In: Health Updates, Privacy Updates, Science, Computers & Technology Updates