The Department of Health and Human Services (HHS) has published a proposal recommending mandatory data security rules for studies involving personally identifiable data, reports the Hogan Lovells Chronicle of Data Protection. The proposal also states that de-identified data may have to meet HIPAA standards going forward and further recommends that standard be reviewed to ensure it is keeping pace with technology and the associated risks. These proposals would mean significant changes in protocol for many research entities, according to the report, and HHS plans to provide enforcement and regular audits to ensure compliance. The proposals were released as Advance Notice of Proposed Rulemaking and are open for comment. Editor's Note: For more related to HIPAA, register for the IAPP's next Web Conference, The Upcoming OCR HIPAA Audit Program: What To Expect and How To Prepare, which will be held this Thursday, July 28.
If you want to comment on this post, you need to login.