The Department of Health and Human Services (HHS) has published an interim final rule with comment period strengthening Health Insurance Portability and Accountability Act (HIPAA) enforcement provisions, as mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Specifically, the rule establishes a tiered penalty framework for HIPAA’s Administrative Simplification Rules (i.e., Privacy Rule, Security Rule, Transactions and Code Sets Rules, Standard Unique Identifier for Employers, and Standard Unique Identifier for Health Care Providers). Under the HITECH Act, these provisions went into effect February 18, 2009. HHS will accept comments on the interim final rule until December 29, 2009, and the effective date of the rulemaking is November 30, 2009. A Reed Smith summary of the rule is available here.