View Rule
View EO 12866 Meetings | Printer-Friendly Version Download RIN Data in XML |
HHS/OS | RIN: 0991-AB57 | Publication ID: Fall 2010 |
Title: Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act | |
Abstract: The Department of Health and Human Services Office for Civil Rights will issue rules to modify the HIPAA Privacy, Security, and Enforcement Rules as necessary to implement the privacy, security, and certain enforcement provisions of subtitle D of the Health Information Technology for Economic and Clinical Health Act (title XIII of the American Recovery and Reinvestment Act of 2009). | |
Agency: Department of Health and Human Services(HHS) | Priority: Economically Significant |
RIN Status: Previously published in the Unified Agenda | Agenda Stage of Rulemaking: Final Rule Stage |
Major: Yes | Unfunded Mandates: No |
CFR Citation: 45 CFR 160 45 CFR 164 | |
Legal Authority: PL 111-5, secs 13400 to 13410 |
Legal Deadline:
|
||||||||
Statement of Need: The Office for Civil Rights will issue rules to modify the HIPAA Privacy, Security, and Enforcement Rules to implement the privacy and security provisions in sections 13400 to 13410 of the Health Information Technology for Economic and Clinical Health Act (title XIII of Division A of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5). These regulations will improve the privacy and security protection of health information. |
||||||||
Summary of the Legal Basis: Subtitle D of the Health Information Technology for Economic and Clinical Health Act (title XIII of the American Recovery and Reinvestment Act of 2009) requires the Office for Civil Rights to modify certain provisions of the HIPAA Privacy and Security Rules to implement sections 13400 to 13410 of the Act. |
||||||||
Alternatives: The Office for Civil Rights is statutorily mandated to make modifications to the HIPAA Privacy and Security Rules to implement the privacy provisions at sections 13400 to 13410 of the Health Information Technology for Economic and Clinical Health Act (title XIII of the American Recovery and Reinvestment Act of 2009). |
||||||||
Anticipated Costs and Benefits: These modifications to the HIPAA Privacy, Security, and Enforcement Rules will benefit health care consumers by strengthening the privacy and security protections afforded their health information by HIPAA covered entities and their business associated. The Agency believe the primary cost associate with this regulation will be for covered entities to revise and redistribute their notices of privacy practices to ensure health care consumers are informed of their new rights and protections. The Agency estimates the cost of revising and redistributing these notices to total approximates $166.1 million over the first year following the effective date of the regulation. Of this total, the cost heal care providers is estimated to be approximately $46 million and to health plans to be approximately $120.1 million. The Agency does not believe that the additional modification to Privacy, Security, or Enforcement Rules required by this regulation will significantly increase covered entity or business associates and in some cases will reduce burden. Further, it is expected that the costs of modifying business associate contracts will be mitigated both by the additional one-year transition period which will allow the costs of modifying contracts to be incorporated into the normal renegotiation of contracts as the contracts expire, as well as sample business associate contract language to be provided by the Agency. |
||||||||
Timetable:
|
Regulatory Flexibility Analysis Required: Yes | Government Levels Affected: Federal, Local, State, Tribal |
Small Entities Affected: Businesses, Governmental Jurisdictions, Organizations | Federalism: No |
Included in the Regulatory Plan: Yes | |
RIN Data Printed in the FR: Yes | |
Agency Contact: Andra Wicks Health Information Privacy Specialist Department of Health and Human Services Office for Civil Rights 200 Independence Avenue SW., Washington, DC 20201 Phone:202 205-2292 Fax:202 205-4786 Email: andra.wicks@hhs.gov |