Skip to main content

HHS Announces Delay in Enforcement of HITECH Rules as Applied to Business Associates

As we have discussed before, HHS’s Office of Civil Rights has let it be known that a proposed rule implementing the HITECH Act’s privacy and security provisions as they apply to business associate liability is in the works. The proposed rule will also deal with new limitations on the sale of protected health information, marketing, and fundraising communications, and stronger individual rights to access electronic medical records, among other things. According to the Office of Civil Rights, the proposed rule “will provide specific information regarding the expected date of compliance and enforcement of these new requirements.”

We take this to mean that enforcement of these particular HITECH Act provisions will be delayed.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.