Authority for the administration and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule has been delegated to the Office for Civil Rights (OCR), according to an announcement from the U.S. Department of Health and Human Services (HHS). OCR’s administration and enforcement of the Security Rule had previously been delegated to the Centers for Medicare & Medicaid Services (CMS). OCR has been responsible for enforcement of the HIPAA Privacy Rule since 2003.
The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The Health Information Technology for Economic and Clinical Health Act, part of the American Recovery and Reinvestment Act of 2009, mandated improved enforcement of the Privacy Rule and the Security Rule.
Through a separate delegation, CMS continues to have authority for administration and enforcement of the HIPAA Administrative Simplification regulations, other than privacy and security of health information.
Read the HHS press release.
