View Rule
View EO 12866 Meetings | Printer-Friendly Version Download RIN Data in XML |
HHS/OS | RIN: 0991-AB14 | Publication ID: Fall 2001 |
Title: ●Modifications to Standards for Privacy of Individually Identifiable Health Information | |
Abstract: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Department of Health and Human Services (the Department) to issue standards for health plans, health care clearinghouses, and certain health care providers to protect the privacy of individually identifiable health information. The Department published these standards, entitled "Standards for Privacy of Individually Identifiable Health Information," (the Privacy Rule) as a final rule on December 28, 2000. The final rule was effective on April 14, 2001. The proposed rule would amend the Privacy Rule to, among other things, support the delivery of the highest quality of health care to patients and address concerns regarding the workability of the rule for entities subject to its requirements. | |
Agency: Department of Health and Human Services(HHS) | Priority: Other Significant |
RIN Status: First time published in the Unified Agenda | Agenda Stage of Rulemaking: Proposed Rule Stage |
Major: Yes | Unfunded Mandates: State, local, or tribal governments |
CFR Citation: 45 CFR 160 45 CFR 164 | |
Legal Authority: 42 USC 1320d-2 42 USC 1320d-3 PL 104-191, sec 262 PL 104-191, sec 264 |
Legal Deadline:
None |
||||||
Statement of Need: The Department received many inquires from Congress, industry, and private citizens about how the rule will operate, and concerns over the complexity and workability of the rule. On July 6, 2001, in response to these and other comments, the Department issued guidance to address some of the misunderstandings regarding the rule, and to provide clarifications on various provisions. The Department has preliminarily determined that some modifications to the Privacy Rule would be appropriate. Entities covered by the Privacy Rule have until April 14, 2003 to come into compliance (and until April 14, 2004 for small health plans). Timely action is needed so that covered entites can implement these modifications to meet these deadlines with minimal cost and disruption. |
||||||
Summary of the Legal Basis: Section 262 of the Health Insurance Portability and Accountability Act of 1996, adding Section 1174 to the Social Security Act (42 U.S.C. 1320d-3), generally provides that the Department, in reference to the privacy and other standards, "shall review the standards ... and shall adopt modifications to the standards (including additions to the standards), as determined appropriate .... Any addition or modification to a standard shall be completed in a manner which minimizes the disruption and cost of compliance." |
||||||
Alternatives: Modifications to the Privacy Rule requires rulemaking. Therefore, there are no alternatives to regulatory action. |
||||||
Anticipated Costs and Benefits: The anticipated cost and benefits are not known at this time because decisions have not been made regarding specific changes in the Privacy Rule. The options being considered to address workability are expected to reduce cost and to remove barriers to access to or the quality of health care. |
||||||
Risks: Not applicable. |
||||||
Timetable:
|
Regulatory Flexibility Analysis Required: Yes | Government Levels Affected: Federal, Local, State, Tribal |
Small Entities Affected: Businesses | Federalism: Yes |
Included in the Regulatory Plan: Yes | |
Agency Contact: Susan McAndrew Senior Health Information Policy Specialist Department of Health and Human Services Office of the Secretary Office for Civil Rights, 200 Independence Avenue SW., Washington, DC 20201 Phone:202 205-8725 |