Written by Dianne Bourque
On December 14, the Office of Civil Rights (“OCR”) indicated at a public meeting that it is considering the simultaneous publication in 2011 of four final HIPAA rules:
- The breach notification rule
- The HIPAA Enforcement Rule
- The HITECH implementation rules
- The HIPAA changes mandated by GINA
These rules are all scheduled for release at some point in 2011.
Additionally, OCR stated that it is evaluating various options for conducting the HIPAA audits that are mandated under the HITECH Act. OCR is considering the conventional approach of auditing samples of covered entities and business associates, and is also considering the use of a third party to certify covered entities and business associates demonstrating compliance with federal privacy and security standards.
At this time there have been no formal announcements from OCR regarding these issues.