HHS Interim Final Rule to Conform the Enforcement Regulations Promulgated Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Yesterday, the The U.S. Department of Health and Human Services (HHS) issued an interim final rule with request for comments to strengthen its enforcement of the rules promulgated under the Health Insurance Portability and Accountability Act (HIPAA). The Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009, modified the HHS Secretary’s authority to impose civil money penalties for violations occurring after Feb. 18, 2009. These HITECH Act revisions significantly increase the penalty amounts the Secretary may impose for violations of the HIPAA rules and encourage prompt corrective action.
The HITECH Act was incorporated into ARRA to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act, sections 13400-13424, addresses the privacy and security concerns associated with the electronic transmission of health information. It does so, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules. Many of these enforcement provisions became effective as of February 18, 2009 and are the impetus of this rulemaking. Other enforcement provisions have yet to become effective under the HITECH Act and are therefore subject to future rulemaking.
DATES: Effective Date: This interim final rule is effective November 30, 2009. Comment Date: Comments on this interim final rule will be considered if received at the appropriate address, no later than December 29, 2009.
