Summary of Changes to Questions Sets - Second Quarter 2010

We would like to notify you of changes that have been made to the ComplyTrack Risk Assessment questions in the Comprehensive Library for the Provider Baseline. As part of the Quarterly Review Process, the following Risk Assessments were reviewed this quarter:

In a notice published in the Federal Register on August 4, 2009, Kathleen Sebelius, Secretary of the Department of Health and Human Services delegated authority to the Director of the Office of Civil Rights over the HIPAA Security rules.  With this delegation, the OCR is responsible for interpreting and enforcing both the HIPAA Privacy and Security rules.  The OCR can now impose civil money penalties, issue subpoenas, and make exception determinations.  The delegation is effective immediately. See 74 FR 38630.