Tuesday, February 23, 2010

Enforcement for BA's Delayed

We understand that yesterday Adam H. Greene (Office of the General Counsel, Civil Rights Division, U.S. Department of Health & Human Services), speaking at the ABA’s 11th Annual Conference on Emerging Issues in Healthcare Law, indicated that enforcement of the business associate provisions of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), which became effective on February 17, 2010, will be delayed until final rules addressing those provisions are published. The HITECH Act’s business associate provisions require business associates to implement the information security safeguards specified by the HIPAA Security Rule, and comply with certain requirements of the HIPAA Privacy Rule.

MIAOULIS NOTE:  These delays are good for folks that have started the process, however, for the organizations that are not taking HIPAA/HITECH or security seriously, it gives them another reason to rationalize non-compliance or not taking security seriously.

No comments: