View Rule
View EO 12866 Meetings | Printer-Friendly Version Download RIN Data in XML |
HHS/OCR | RIN: 0945-AA04 | Publication ID: Spring 2022 |
Title: Considerations for Implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act, as Amended | |
Abstract:
This Request for Information (RFI) solicits the public's views on establishing a methodology for the distribution of CMPs and monetary settlements to those harmed by an offense under the HIPAA Rules relating to privacy or security. The RFI also seeks comment on ways to address in guidance or regulation the requirement for OCR to consider certain recognized security practices of covered entities and business associates when making certain HIPAA enforcement determinations. |
|
Agency: Department of Health and Human Services(HHS) | Priority: Other Significant |
RIN Status: Previously published in the Unified Agenda | Agenda Stage of Rulemaking: Prerule Stage |
Major: No | Unfunded Mandates: No |
CFR Citation: 45 CFR 160 45 CFR 164 | |
Legal Authority: Social Security Act, sec. 1776 (42 U.S.C. 1320d-5) added by Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. 104-191, sec. 264 (August 21, 1996) Health Information Technology for Economic and Clinical Health (HITECH) Act (title XIII of the American Recovery and Reinvestment Act of 2009) Pub. L. 111-5, sec 13410(c)(3) and (4) sec. 13412 as added by Pub. L. 116-321 (January 5, 2021) 42 U.S.C. 1320d-5, as amended |
Legal Deadline:
|
|||||||||
Overall Description of Deadline: There is no statutory deadline on taking recognized security practices into account in HIPAA enforcement actions as the HITECH amendment does not require rulemaking. The statutory deadline for issuing a rule establishing a methodology for the distribution of CMPs and monetary settlements to those harmed by an offense under the HIPAA Rules relating to privacy or security is not later than three years after the enactment of the HITECH Act. |
|||||||||
Timetable:
|
Regulatory Flexibility Analysis Required: No | Government Levels Affected: Federal, Local, State, Tribal |
Small Entities Affected: No | Federalism: No |
Included in the Regulatory Plan: No | |
RIN Information URL: www.hhs.gov/ocr/privacy | |
RIN Data Printed in the FR: No | |
Agency Contact: Marissa Gordon-Nguyen Senior Advisor for Health Information Privacy, Data, and Cybersecurity Policy Department of Health and Human Services Office for Civil Rights 200 Independence Avenue SW, Washington, DC 20201 Phone:800 368-1019 TDD Phone:800 537-7697 Email: ocrprivacy@hhs.gov |