Delegation of Authority to OCR to implement/enforce HIPAA Privacy Rule

[Federal Register: December 28, 2000 (Volume 65, Number 250)]
[Notices]
[Page 82381]
From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr28de00-100]

Notice is hereby given that I have delegated to the Director, Office for Civil Rights (OCR), with authority to redelegate, the following authorities vested in the Secretary of Health and Human Services:

1. The authority under section 262 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, as amended, to the extent that these actions pertain to the Standards for the Privacy of Individually Identifiable Health Information, to:
   1. impose civil monetary penalties, under section 1176 of the Social Security Act, for a covered entity's failure to comply with certain requirements and standards;
   2. make exception determinations, under section 1178(a)(2)(A) of the Social Security Act, concerning when provisions of State laws that are contrary to the federal standards are not preempted by the federal provisions; and
2. The authority under section 264 of HIPAA, as amended, to administer the regulations, ``Standards for the Privacy of Individually Identifiable Health Information,'' 45 CFR Part 164, and General Administrative Requirements, 45 CFR Part 160, as these requirements pertain to Part 164, and to make decisions regarding the interpretation, implementation and enforcement of these Standards and General Administrative Requirements.

I hereby affirm and ratify any actions taken by the Director of OCR, or any subordinates, involving the exercise of the authorities delegated herein prior to the effective date of this delegation. This Delegation of Authority is effective concurrent with the effective date of the regulations, 45 CFR Parts 160 through 164.

Dated: December 20, 2000. Donna E. Shalala, Secretary.

[FR Doc. 00-33039 Filed 12-27-00; 8:45 am] BILLING CODE 4153-01-M