Despite HIPAA compliance deadline, OCR to delay some requirements

 data-cke-saved-src=While today marks the first day that healthcare organizations and their business associates will need to be in compliance with the HIPAA omnibus rule unveiled in January, the U.S. Department of Health & Human Services is already making exceptions and delaying certain aspects of the rule.

An announcement from HHS states that the Office for Civil Rights (OCR) will delay its enforcement of the requirement that "certain HIPAA-covered laboratories revise their notices of privacy practices (NPPs) to comply with the modifications made to the HIPAA Rules published in the Federal Register on January 25, 2013, commonly known as the 'Omnibus Rule,' until further notice."

The new rule comprises four final rules, according to HHS, "which have been combined to reduce the impact and number of times certain compliance activities need to be undertaken by regulated entities."

"Much has changed in healthcare since HIPAA was enacted over 15 years ago,"HHS Secretary Kathleen Sebelius said in an announcement in January. "The new rule will help protect patient privacy and safeguard patients' health information in an ever expanding digital age."

At the time of the rule's reveal, several FierceHealthIT Editorial Advisory Board members noted that the execution would present a multitude of challenges.

OCR, earlier this month, estimated that healthcare organizations will spend 32.8 million hours complying with the modified HIPAA omnibus rule. The bulk of that time--30.655 million hours--will involve the dissemination and acknowledgement of privacy practices at provider offices.

Mark Dill, director of information security at Cleveland Clinic, recently offered tips for preparing one's organization for a HIPAA audit, including these five: know what gaps are in your program in advance, be organized, display your results in the right format, use three-year benchmarks as evidence of compliance and analysis, and partner with a reputable third-party consultant or firm.

Starting Oct. 1, 2014, a permanent HIPAA security audit program will begin, according to OCR officials.

To learn more:
- read the announcement from HHS

Suggested Articles

An assessment looking at 12 health systems that allow patients to download their health records to their smartphones via APIs finds modest uptake.

The National Institutes of Health-led All of Us precision medicine project has enrolled 230,000 participants with another 40,000 people registered.

Hospitals must pursue a deliberate strategy for managing their public image—and a powerful tool for doing so is inpatient clinical data registries.