The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has recently submitted a document on Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules.
The revision will modify the HIPAA Rules to implement the privacy, security, enforcement, and breach notification provisions of Subtitle D of the Health Information Technology for Economic and Clinical Health Act (Title XIII of the American Recovery and Reinvestment Act of 2009), and will modify the HIPAA Privacy Rule as required by section 105 of the Genetic Information Nondiscrimination Act of 2008. HIPAA.com has a good overview of what these changes will mean.
The final rules are expected to be published in the Federal Register soon. Expect that, with the final rules, there will be new data breach enforcement and penalty requirements. Additional provisions could govern the use and resale of patient data, the "harm threshold" for data breaches, and basic encryption of data, and could establish firmer rules regarding associates and subcontractors.
Given the increased enforcement of HIPAA, and the dire predictions for healthcare data in 2012, we'll keep you apprised of any further developments with these HIPAA rules and enforcement changes.