By: Helen Oscislawski, Principal at Attorneys at Oscislawski LLC
HealthDataManagement has quoted Susan McAndrew, deputy director of health information privacy in the Department of Health and Human Services, OCR, as saying that the final rules implementing the HITECH Act are to be released within months, if not weeks. In fact, McAndrew is quoted as saying that the AOD proposed rule is “very close” to being ready.
Deputy Director Susan McAndrew recently spoke at the Safeguarding Health Information Conference OCR hosted with the National Institute of Standards and Technology (NIST) in Washington. At that meeting, she stated that the final rules addressing privacy and security protections, breach notification, enforcement, and GINA should be released within weeks. Notably, McAndrew is quoted as saying that “[DHHS] want[s] to ensure that when we do the final HITECH action, it contains as much activity as we can.”
The “omnibus rule,” as it is sometimes being referred to, will address new information protection requirements for:
- business associates and subcontractors
- electronic access
- research authorizations
- student immunization records
- restrictions on marketing
- restrictions on fundraising
- prohibition on sale of protected health information
A separate proposed rule is also supposed to be issued govern accounting for disclosures (AOD) through an EHR, including for payment, treatment and health plan operations.
Once the rule is released, covered entities, business associates, and subcontractors of business associates will have to hit the ground running to get their policies and processes in line with the final tweaks. It promises, I’m sure, to be another 300+ rule for our light reading pleasure!
