The HHS Office of Civil Rights (OCR) has indicated that the agency will be delaying enforcement of the HITECH Act provisions under which Business Associates are required to directly comply with the HIPAA Privacy and Security Rules.  Although the statutory compliance date for the Business Associate requirement is February 17, 2010, Adam Greene, an OCR attorney, "unofficially" indicated in a recent speech that HHS will be exercising its enforcement discretion to not enforce the new provision until after a proposed and final rule on this subject have been promulgated.