After more than a year of silence on the matter, HHS says it will publish the final HIPAA rule for security of individual health information before the end of August.
The department announced its intentions in a semiannual update of its regulatory agenda.
HHS has offered little insight as to whether the final rule will differ from the proposed standards the Clinton administration issued in 2000. Robert Tennant, a Washington lobbyist for the Medical Group Management Association, expects it to be scaled back.
"In talking to CMS officials, they are convinced that the final security rule will be less onerous than the proposal," Tennant says.
Once the rule comes out, it will be subject to a 60-day congressional review period. The security regulations become enforceable two years after the review ends.