Data Destruction News
August 2009   VOLUME 5 ISSUE 8  
HOME
CONTENTS
AccuShred Team Members Become Authorized Compliance Toolkit Providers
Finance Firm Slapped with Fines for Lack of Destruction Policies
Sifting Through the Mounting Problem of E-Waste
FTC Delays “Red Flags” Rule For Identity Theft Yet Again
Fake Security Software Steals $34 Million Monthly
HHS Delegates Authority for the HIPAA Security Rule to New Department
HHS Delegates Authority for the HIPAA Security Rule to New Department
Office of Civil Rights has been Issued Authority to Regulate Rule
by HHS Press Office

Health and Human Services Secretary Kathleen Sebelius recently announced that authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule has been delegated to the Office for Civil Rights (OCR). OCR’s administration and enforcement of the Security Rule, which had previously been delegated to the Centers for Medicare & Medicaid Services (CMS), will eliminate duplication and increase efficiencies in how the department ensures that Americans’ health information privacy is protected.

HHS has the authority for administration and enforcement of the federal standards for health information privacy called for in HIPAA. The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. OCR has been responsible for enforcement of the Privacy Rule since 2003. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009, mandated improved enforcement of the Privacy Rule and the Security Rule.

“Security and privacy of health information are increasingly intersecting as the department works with the health industry to adopt electronic health records and participate in an even greater level of electronic exchange of health information,” said Secretary Sebelius. “Privacy and security are naturally intertwined, because they both address protected health information. Combining the enforcement authority in one agency within HHS will facilitate improvements by eliminating duplication and increasing efficiency.”

Through a separate delegation, CMS continues to have authority for administration and enforcement of the HIPAA Administrative Simplification regulations, other than privacy and security of health information.
[PRINTER FRIENDLY VERSION]
www.accushred.net or call (800) 747-3341
Published by AccuShred, LLC
Copyright © 2009 AccuShred, LLC. All rights reserved.
Data Destruction News is sent to AccuShred customers and anyone who has expressed interest in our services. To stop receiving this newsletter, enter your email address in the subscription box appearing within the newsletter and choose the Remove option. Or, just click one of the links at the bottom of the email message. 		TELL A FRIEND
Powered by IMN