The omnibus final rule that covers changes to privacy, security, breach notification and enforcement rules under HIPAA will not include a requirement for encrypting protected health information, an HHS Office for Civil Rights official confirmed to Health Data Management.
Earlier proposals never called for a change to the current security rule on encryption. Since a mandate for encryption would require more rulemaking, as it stands, it appears such a mandate will not be included in the omnibus final rule.
"If the requirement for encryption changes from an addressable implementation specification to a required implementation specification under the security rule, then normal notice and comment rulemaking processes would need to follow," said Susan McAndrew, deputy director for health information privacy for OCR.
The OCR expects to release the final rule in the next several months, she said.
Read the news report about the omnibus HIPAA final rule.
Related Articles on HIPAA:
ICD-10 Straight Talk: Overview
HHS Inspector General finds Security Concerns Abound
UIHC Radiologist, Health System Battle Over HIPAA, Patient Safety Claims
Earlier proposals never called for a change to the current security rule on encryption. Since a mandate for encryption would require more rulemaking, as it stands, it appears such a mandate will not be included in the omnibus final rule.
"If the requirement for encryption changes from an addressable implementation specification to a required implementation specification under the security rule, then normal notice and comment rulemaking processes would need to follow," said Susan McAndrew, deputy director for health information privacy for OCR.
The OCR expects to release the final rule in the next several months, she said.
Read the news report about the omnibus HIPAA final rule.
Related Articles on HIPAA:
ICD-10 Straight Talk: Overview
HHS Inspector General finds Security Concerns Abound
UIHC Radiologist, Health System Battle Over HIPAA, Patient Safety Claims