Attorneys Watching for Potential Changes to HHS’ HIPPA Proposal
The Trump administration will have the opportunity to pause or terminate Health and Human Services’ proposal to modify the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, compliance attorneys said Monday.
Sign up for a free preview to unlock the rest of this article
The HHS Office for Civil Rights on Monday issued an NPRM aimed at improving existing standards for protecting the confidentiality and integrity of electronic protected health information (see 2501060045). Covered entities include health plans, healthcare clearinghouses and most healthcare providers, according to HHS.
HHS has proposed new, “strict” compliance timelines, wrote Mintz attorneys Dianne Bourque and Pat Ouellette. The proposal includes a requirement for “written policies to restore the loss of relevant information systems and data within 72 hours of an incident.” Certain entities would have 24 hours to notify regulators when they terminate a worker’s access to relevant data in an incident. Business associates and subcontractors would need to notify covered entities about the initiation of a contingency plan within 24 hours, according to the proposal. Public comments are due March 7.
The proposal is subject to change as the incoming administration “will have the opportunity to determine how it would like to proceed, if at all, with possible finalization, including pausing the process for review of and accounting for public comments or modifying the proposal,” said Mintz.