When the Privacy Legislation is finalized, what is the expected compliance date?
Why should a health care provider start looking and planning for having to implement and be compliant with the PROPOSED standards before they are even finalized? Why waste 3 – 6 months waiting for a final regulation that will have very few changes (less than 3%), and most of those changes we are aware of and are minor. One of the things we should have learned from Y2K was the earlier we start, the longer we take, the better the outcome and less it costs. There are going to be very few changes in the Security NPRM, and those will largely be definitional (e.g., definition of a small plan will be aligned with SBA’s definition of small business, $5M or less in revenue) and clarifications (e.g., paper and oral covered if they are the source or progeny of an electronic record). The biggest change is the removal of Electronic Signature from the Security regulations and attaching it to another regulation later on (maybe an identifier standard). After two years of delays, the transactions and c
