HIPAA Enforcement Rule Extended
Health Data Management (September 15, 2004)

The Department of Health and Human Services has published a notice extending by one year the interim final rule establishing enforcement procedures for the HIPAA administrative simplification provisions. The department published the interim rule on April 17, 2003, and it was set to expire on Sept. 16, 2004. Now, the interim rule, covering the HIPAA privacy, security, and transactions and code sets rules, will continue until Sept. 16, 2005.
The department published the notice of extension Sept. 15 in the Federal Register, available at www.gpoaccess.gov/fr/index.html.

“Notwithstanding this extension, HHS fully expects to issue the final rule that will result from the forthcoming rulemaking as soon as possible rather than at or near the new Sept. 16, 2005, expiration date," according to the notice. "However, a one-year extension should provide HHS with a period sufficient to avoid another extension, should unexpected circumstances delay the regulatory development process.”

In April 2003, HHS called the interim final rule “the first installment” of a HIPAA enforcement rule to be published later. The interim rule established rules of procedure for imposing civil penalties on entities that violate standards for the format and protection of health information under HIPAA’s administrative simplification provisions.

The penalties include civil fines or exclusion from federal health programs. The final enforcement rule will include, among other provisions, a regulatory definition of what constitutes a violation and how the penalties will be determined.

Posted to HIPAAcomply 9/15/04