On March 15, 2010, the Office for Civil Rights (OCR), the federal agency within the Department of Health and Human Services responsible for enforcing the HIPAA Privacy and Security Rules, announced a delay in the enforcement of certain rules under the Health Information Technology for Economic and Clinical Health (HITECH) Act. The compliance and enforcement date for the following provisions, though effective February 17, 2010, has been delayed:
- Increased responsibilities and liability for business associates
- Changes to the right to request a restriction
- Stronger individual rights to access electronic health records
- Changes affecting the use or disclosure of protected health information for marketing and fundraising purposes
In the posting to its Website, OCR stated that proposed and final rules are forthcoming that will provide specific information on the expected date of compliance and enforcement of these new requirements. Until these rules are published, covered entities and business associates should take necessary actions to comply with the HITECH Act’s requirements currently in force: breach notification and the enhanced enforcement regulations. ASR Health Benefits has sent updated Business Associate Agreements to all of its clients to assist in compliance efforts.
The HITECH Act was enacted as part of the American Recovery and Reinvestment Act of 2009. If you have questions about the HITECH Act or compliance with its provisions, please contact ASR Health Benefits at (616) 957-1751 or (800) 968-2449 and ask for Maggie Tueth.