While the HITECH Act technically went into effect last month, on February 17, 2010, HHS’s Office of Civil Rights (“OCR”) has yet to issue guidance and regulations about the implementation of new privacy and security requirements contained in the HITECH Act. Because of this failure, OCR has been hinting that it may delay enforcement of these privacy and security provisions.
OCR intended to issue new HIPAA regulations to meet the HITECH requirements prior to enforcement, and says it still hopes to issue the regs soon enough that a final rule could be issued during 2010. OCR also has not explicitly stated that it will be delaying enforcement–likely to encourage regulated entities to pursue good faith compliance efforts in the meanwhile–though spokesman Mike Robinson has been quoted saying, “It is not correct to characterize an ‘effective date’ for a legislative provision (which is what the Feb.17, 2010, date is for certain provisions of the HITECH Act) as the ‘enforcement date.'”
OCR has also been clear that there will be no delay in enforcing the breach notification rule, which was effective last September.
For more information regarding the HITECH Act and/or HIPAA, please contact Abby Pendleton, Esq. or Jessica L. Gustafson, Esq. at (248) 996-8510.