Tuesday, March 17, 2009

The Timeline for ARRA Privacy Provisions

As a valuable reference tool, please feel free to circulate and use this specially bookmarked PDF of ARRA (in Acrobat, just click on View, Navigation Panels, Bookmarks to navigate the sections of the bill). Thanks to Robin Raiford of Eclipsys for creating it.

The timeline below is based on work by the Markle Foundation and the Center for Democracy and Technology. Thanks for their effort!

Upon enactment (February 16, 2009)
*Application of new tiered civil penalties based on the nature of HIPAA violations, up to $50,000 per violation and an annual maximum of $1.5 million (Section 13410)
*Enforcement by State Attorneys General for offenses occurring post enactment (Section 13410e)

Within 45 days of enactment (April 3, 2009)
*Appointment of HIT Policy Committee members (Section 3002b)

Within 60 days of enactment (April 18, 2009)
*HHS Secretary will issue guidance on methodologies and technologies that render information unreadable (Section 13402)

Within 180 days of enactment (August 16, 2009)
*HHS and the Federal Trade Commission will promulgate interim final regulations on notification of breaches. The FTC rules will apply to breach notification by PHRs that are not covered by HIPAA or Business Associate agreements (Section 13402, 13407)

By December 31, 2009
*HHS must adopt through rulemaking the initial prioritized set of standards which should include the accounting for disclosures (Section 3002b)

Due within one year post enactment (February 17, 2010)
*The Secretary will appoint a Chief Privacy Officer (Section 3001)
*The Office of Civil Rights and HHS will launch an education initiative to improve public transparency on the use of health information (Section 13403)
*The Government Accountability Office will report on best practices for disclosures for treatment and use of electronic informed consent (Section 13424)
*HHS will report on and provide guidance on de-identification (Section 13424c)
*Covered entities must enter into Business Associate Agreements with PHRs, HIEs, and other services that handle protected health information (Section 13405e)
*HHS will issue rules on opting out of fundraising solicitations (Section 13406)
*HHS will report on guidance on the effective technical safeguards for carrying out the HIPAA security rule (Section 13401c)
*HHS and the Federal Trade Commission will report on privacy and security requirements for PHR vendors and applications

One year post enactment (February 17, 2010)
*HHS and the Office of Civil Rights clarify application of criminal penalties for non-covered entities (Section 13409)
*HHS to issue rules on which entities are required to be business associates (Section 13401)
*Right to restrict disclosures to health plans for services paid for out of pocket (Section 13405a)
*HHS Secretary required to conduct periodic audits of entities covered by HIPAA (Section 13411)
*Right of electronic access of records by patients takes effect (Section 13405e)

Within 18 months of enactment (August 17, 2010)
*HHS guidance on minimum necessary data (Section 13405c)
*Regulations regarding sale of data prohibition which take effect 6 months post promulgation (Section 13405a)

By 2011
*Initial deadline for complying with new accounting and disclosure rules for information kept in EHRs acquired after January 1, 2009 (Section 13405c)

24 months post enactment (February 17, 2011)
*Clarification of ability to pursue civil penalties when criminal penalties are not pursued (Section 13405)

By 2012
*Regulations for methodology for distributing penalties or settlement money to harmed individuals (Section 13410)

By 2013
*Extended deadline for complying with new accounting and disclosure rules for information kept in EHRs acquired after January 1, 2009 (Section 13405c)

By 2014
*GAO will report on the impact of ARRA (Section 13424)
*Initial deadline for complying with new accounting and disclosure rules for information kept in EHRs acquired before January 1, 2009 (Section 13405c)

By 2016
*Extended deadline for complying with new accounting and disclosure rules for information kept in EHRs acquired before January 1, 2009 (Section 13405c)
