As we have discussed before, HHS’s Office of Civil Rights has let it be known that a proposed rule implementing the HITECH Act’s privacy and security provisions as they apply to business associate liability is in the works. The proposed rule will also deal with new limitations on the sale of protected health information, marketing, and fundraising communications, and stronger individual rights to access electronic medical records, among other things. According to the Office of Civil Rights, the proposed rule “will provide specific information regarding the expected date of compliance and enforcement of these new requirements.”
We take this to mean that enforcement of these particular HITECH Act provisions will be delayed.
For more information, see the Mintz Levin Health Law and Employee Benefits Alert just published.