Explosive growth in digital health over the last few years means there are many developers and managers who haven’t worked under HIPAA before. This guide is written for startups (and small businesses operating online) who could use some help with the basics of HIPAA compliance.
(a) Except as provided in paragraph (b) of this section, the Secretary may adopt a modification to a standard or implementation specification adopted under this subchapter no more frequently than once every 12 months.
(b) The Secretary may adopt a modification at any time during the first year after the standard or implementation specification is initially adopted, if the Secretary determines that the modification is necessary to permit compliance with the standard or implementation specification.
(c) The Secretary will establish the compliance date for any standard or implementation specification modified under this section.
(1) The compliance date for a modification is no earlier than 180 days after the effective date of the final rule in which the Secretary adopts the modification.
(2) The Secretary may consider the extent of the modification and the time needed to comply with the modification in determining the compliance date for the modification.
(3) The Secretary may extend the compliance date for small health plans, as the Secretary determines is appropriate.
[65 FR 82798, Dec. 28, 2000, as amended at 67 FR 38019, May 31, 2002]