Photo of Kimberly Gold

The U.S. Department of Health and Human Services filed a Notice of Enforcement Decision on Friday, April 26, 2019, announcing a new system of annual penalty limits for HIPAA violations based on an entity’s level of culpability. The agency revised its previous interpretation of the Health Information Technology for Economic and Clinical Health Act (HITECH

Today the U.S. Department of Health and Human Services (HHS) announced that it would extend until June 3, 2019 the comment periods for the Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) proposed interoperability and information blocking rules.  CMS also announced that as a result of public comments, it “will adjust the effective dates of our policies to allow for adequate implementation timelines as appropriate.”

In related developments, the ONC also released the second draft of the Trusted Exchange Framework and Common Agreement, along with a related Notice of Funding Opportunity.  In addition, HHS released a set of frequently asked questions (FAQs) from the Office for Civil Rights (OCR), addressing HIPAA’s right of access as related to apps designated by individual patients and application programming interfaces (APIs) used by a healthcare provider’s electronic health record (EHR) system.  The FAQs clarify, among other things, that once protected health information (PHI) has been shared by a HIPAA covered entity with a third-party app, as directed by the individual, the covered entity will not be liable under HIPAA for subsequent use or disclosure of electronic PHI, provided the app developer is not itself a business associate of a covered entity or other business associate. 
Continue Reading HHS Announces Extended Comment Period for Healthcare Interoperability Proposed Rules, Releases New HIPAA FAQs