Earlier proposals never called for a change to the current security rule on encryption. Since a mandate for encryption would require more rulemaking, as it stands, it appears such a mandate will not be included in the omnibus final rule.
“If the requirement for encryption changes from an addressable implementation specification to a required implementation specification under the security rule, then normal notice and comment rulemaking processes would need to follow,” said Susan McAndrew, deputy director for health information privacy for OCR.
The OCR expects to release the final rule in the next several months, she said.
Read the news report about the omnibus HIPAA final rule.
Related Articles on HIPAA:
ICD-10 Straight Talk: Overview
HHS Inspector General finds Security Concerns Abound
UIHC Radiologist, Health System Battle Over HIPAA, Patient Safety Claims
