Friday, July 9, 2010

HHS Releases New Proposed HIPAA Security and Privacy rules

I am amazed that out of one side of HHS they ask for healthcare-IT to be adopted quickly, while they continue to release HUGE new documents. In this case it is an update of the HIPAA Privacy and Security rules, probably a worthy thing to do. But does it need to be so big and vague?  Why is 234 page really necessary? Yes the first 175 pages are introduction that is not legal, but still this is excessive. The deadline for the comments is 60 days past the official publication. So, I am sure no one will do anything in the next 120 days for fear that they are doing something that might be in violation of these new rules.

HHS has announced the release of a HIPAA Privacy & Security NPRM which will modify aspects of HIPAA as amended under the HITECH Act. The NPRM has not officially been published in the Federal Register, however, the pre-publication PDF of the rule was released and can be found at:
I will be further dissecting this NPRM on my blog and responding to .

My point is not specifically against this new rule. But rather that HHS/ONC seem to be continuously ripping open the scab just as we start to feel like we understand what to do. If it is not security/privacy it is some new statement on code-sets, or document types, or etc...