There has been some rule making activity in the last month that we all should be aware of. Namely HHS released the two new NPRMs for Meaningful Use Stage II and Standards, Implementation Specifications and Certification Criteria for comment. Both have implications for Privacy and Security, but the latter deserves real scrutiny because embedded in its principles is a discussion of Accounting for Disclosures. So be on the look out for these documents which can be found on the OCR website as well as the HIMSS website along with several other useful documents.
The Obama Administration also rolled out a new Internet focused Consumer Privacy Bill of Rights. This latter document while not yet reinforced by legislation is none the less still enforceable by the FTC. During the ONC’s Mobile Security Round Table the representative from the Federal Trade Commission reminded everyone that privacy pledges by organizations on websites or other corporate materials were enforceable under the unfair trade practices statutes reinforcing that the Administrations Bill of Rights doesn’t necessarily need legislation to be enforced. Last but certainly not least we know that the Omnibus rule is sitting over at OMB awaiting release. When that happens there will be plenty for everyone to deal with, but probably most anticipated will be the expected changes to business associates and OCR’s initiation of enforcement actions regarding them. Now is the time to get your program in order.