February 2003 AAOS Report
HIPAA Security Rule and TCS Changes Delayed
The HIPAA Security Rule as well as changes to the Transactions and Code Sets (TCS) Rules were not published on schedule. Information concerning these regulations was expected to appear in the Federal Register in late December 2002. The Security Rule, which is intended to protect the integrity of electronic health data, still faces budgetary review from the Office of Management and Budget. The review process, which normally takes two weeks, could take much longer with a rule as large and complex as the Security Rule.
Originally, covered entities were required to be in compliance with the Transactions and Code Sets regulations by Oct. 16, 2002. However, practices that filed a Compliance Plan prior to that date were granted a one-year extension, until Oct.16, 2003. Such covered entities, however, are still required to begin active testing activities by April 16, 2003. The date when practices must comply with the HIPAA Privacy Rule remains April 14, 2003.