HHS has announced that it will extend by one year the interim final rule establishing civil penalties for violations of the privacy, electronic transactions and security rules of HIPAA, AHA News reports. HHS decided to extend the procedural rule, which was set to expire on Thursday, to "avoid disruption of ongoing enforcement actions" while the agency develops a "more comprehensive enforcement rule," according to the interim final rule. The rule will continue until Sept. 16, 2005 (AHA News, 9/15).
The interim rule establishes procedures for imposing civil penalties on entities that violate standards for the format and protection of health information under HIPAA's administrative simplification procedures, Health Data Management reports. Penalties include civil fines or exclusion from federal health programs. The final rule will include a regulatory definition of what constitutes a violation and how penalties will be determined (Health Data Management, 9/15).
The rule does not address the 19 comments submitted to HHS in response to the original procedural rule, including those by the American Hospital Association, which called for "closer alignment with HHS Office of Inspector General civil money penalty procedures, a less punitive enforcement approach to HIPAA transactions and better guidance on how to handle violations of the privacy law," AHA News reports (AHA News, 9/15).