New Authority Enforces HIPAA Security
Health and Human Services (HHS) Secretary Kathleen Sebelius announced Aug. 3 that the Office for Civil Rights (OCR) is the new authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.
OCR has been responsible for enforcement of the Privacy Rule—which provides federal protections for personal health information held by covered entities and gives patients certain rights to that information—since 2003. As the new authority for the Security Rule, an HHS press release stated, OCR “will eliminate duplication and increase efficiencies in how the department ensures that Americans’ health information privacy is protected.”
The Centers for Medicare & Medicaid Services (CMS)—the former HIPAA Security Rule administration and enforcement authority—will continue to administer and enforce HIPAA Administrative Simplification regulations.
“The transition of security complaints from CMS to OCR has no impact on how complaints about Transactions and Codes Sets or Unique Identifiers are filed or processed. CMS retains its enforcement authority for these other HIPAA rules,” OCR states in a July 27 press release.
HHS will continue to administer and enforce federal standards for health information privacy called for in HIPAA.
The newly delegated authority was made to improve enforcement of the Privacy and Security Rules, in accordance with a Health Information Technology for Economic and Clinical Health (HITECH) Act mandate.
“Security and privacy of health information are increasingly intersecting as the department works with the health industry to adopt electronic health records and participate in an even greater level of electronic exchange of health information,” said Secretary Sebelius in the HHS press release. “Privacy and security are naturally intertwined, because they both address protected health information. Combining the enforcement authority in one agency within HHS will facilitate improvements by eliminating duplication and increasing efficiency.”
For more information regarding HIPAA security and privacy regulations, please visit OCR Web site.