Explosive growth in digital health over the last few years means there are many developers and managers who haven’t worked under HIPAA before. This guide is written for startups (and small businesses operating online) who could use some help with the basics of HIPAA compliance.
(a) Designation of DSMOs.
(1) The Secretary may designate as a DSMO an organization that agrees to conduct, to the satisfaction of the Secretary, the following functions:
(i) Maintain standards adopted under this subchapter.
(ii) Receive and process requests for adopting a new standard or modifying an adopted standard.
(2) The Secretary designates a DSMO by notice in the FEDERAL REGISTER.
(b) Maintenance of standards. Maintenance of a standard by the appropriate DSMO constitutes maintenance of the standard for purposes of this part, if done in accordance with the processes the Secretary may require.
(c) Process for modification of existing standards and adoption of new standards. The Secretary considers a recommendation for a proposed modification to an existing standard, or a proposed new standard, only if the recommendation is developed through a process that provides for the following:
(1) Open public access.
(2) Coordination with other DSMOs.
(3) An appeals process for each of the following, if dissatisfied with the decision on the request:
(i) The requestor of the proposed modification.
(ii) A DSMO that participated in the review and analysis of the request for the proposed modification, or the proposed new standard.
(4) Expedited process to address content needs identified within the industry, if appropriate.
(5) Submission of the recommendation to the National Committee on Vital and Health Statistics (NCVHS).