The Secretary of Health and Human Services, Kathleen Sebelius, released a statement today (August 3) that will be published in the Federal Register tomorrow (August 4) that transfers the responsibility for investigation and enforcement of HIPAA Security Rule violations from the Centers for Medicare and Medicaid Services Office of E-Standards and Services to the Office of Civil Rights of the Department of Health and Human Services, which has responsibility for investigation and enforcement of HIPAA Privacy Rule violations, as well as for all of the new privacy and security regulations governing electronic health records passed as a part of HITECH. It makes sense to us that all of these functions are coordinated in one location. What is interesting about this notice is that it is effective July 27, 2009 (last Monday). Why wait so long to let folks know?
You can see it for yourself at http://www.federalregister.gov/OFRUpload/OFRData/2009-18561_PI.pdf, complete with all of the regulatory mumbo jumbo.