Menu

Aug 03 2009

HHS Secretary Delegates HIPAA Security Rule to Office for Civil Rights

In a press release today, HHS Secretary Kathleen Sebelius announced that authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule has been delegated to the Office for Civil Rights (OCR). OCR’s administration and enforcement of the Security Rule had previously been delegated to the Centers for Medicare & Medicaid Services (CMS), and, according to the press release, this change will eliminate duplication and increase efficiencies in how the department ensures that Americans’ health information privacy is protected.

OCR has been responsible for enforcement of the Privacy Rule since 2003. As part of the American Recovery and Reinvestment Act of 2009 (ARRA), the Health Information Technology for Economic and Clinical Health (HITECH) Act mandated improved enforcement of the Privacy Rule and the Security Rule.

Consumers may continue to submit HIPAA security complaints using the on-line resource: the Administrative Simplification Enforcement Tool (ASET), found at https://htct.hhs.gov/aset/. New security complaints may also be sent to the Office for Civil Rights.

CMS will continue to have authority for administration and enforcement of the HIPAA Administrative Simplification regulations, other than privacy and security of health information.