November 4 — The following summarizes the major changes to and new provisions of the HIPAA Privacy, Security, and Enforcement Rules proposed by the Department of Health and Human Services (HHS) in its notice of proposed rulemaking published July 14, 2010 (75 Fed. Reg. 40867). Many of these changes are proposed to implement the HITECH Act, but several of the changes go beyond the provisions of the statute.
Other topics covered in this rulemaking were not raised by the HITECH Act and are instead proposed to address issues HHS has identified based on its experience interpreting and administering the rules. Some subjects covered by the HITECH Act, such as breach notification and accounting for disclosures from electronic health records, were not covered in this rulemaking and so are not discussed below. The public comment period on this proposed rulemaking ends September 13, 2010. Unless otherwise noted below, the compliance deadline for these proposed requirements will be 180 days from the date of publication of the final rule.