NPRM (Notice Of Proposed Rule Making) Conference Call July 8: Not Much New

Posted July 8, 2010 08:25 AM by Jack Anderson CEO Compliance Helper    

If you have read my previous blogs you will have already realized that I am not a privacy and security expert, Rebecca Herold is in charge of that.  My job is to try and figure out how to develop tools to help small covered entities and business associate comply at a cost that is "reasonable and appropriate" and to deliver those tools.

I sat in on the conference and while the speeches were nice, didn't feel that I heard anything new or startling.  I will wait for expert opinion to see if that impression was correct.  What I did hear was a strong emphasis on getting business associates compliant including applying the same penalties to them which apply to covered entities.  Silly me, I thought that was already the case, but I guess not.

I was surprised that this was going back out for public comment since I thought we had already been through that.  Perhaps my perspective is influenced by my focus on helping the hundreds of thousands of non-compliant business associate get compliant.

Should you be interested here is a link to the complete text, and if you find some pearls of wisdom here that I missed please send me a comment.  I hope this acts as a clarion call to business associates to get compliant but rather doubt that they will read the 234 pages, nor will I, but I will totally skim them.

http://www.ofr.gov/OFRUpload/OFRData/2010-16718_PI.pdf