Senior Communications Manager
Kirk Nahra Discusses Compliance Deadline for New Health Privacy Rules
The September 20 article noted that under the updated Health Insurance Portability and Accountability Act (HIPAA) rules, health-care providers and their business associates must make significant changes to some of their processes for protecting confidential patient data. The U.S. Department of Health and Human Services (HHS) had set a September 23 compliance deadline when it issued the rules in January 2013.
Federal officials are still trying to explain exactly what the intricate new requirements mean for companies, according to the article. Mr. Nahra was among attorneys who predicted that HHS may show some leniency toward covered entities that haven’t fully updated their privacy procedures, but are clearly working to comply with the new rule.
“The main impact of the compliance deadline is that it makes the rule real and that companies can’t ignore it anymore,” Mr. Nahra told Law360. “Regulators are most likely to look at people that have had egregious errors” and ignored the requirements, or have had repeated and consistent problems, he said.
If this is the first time a company has ever fallen short, “and they can show that they have been trying, HHS is likely to be more understanding,” Mr. Nahra added.