Healthcare Business News
 

Rule to align privacy regulations on its way


By Joseph Conn
Posted: March 28, 2012 - 1:00 pm ET
Tags:

An omnibus rule to align HIPAA privacy regulations with more-stringent privacy protections contained in the American Recovery and Reinvestment Act of 2009 could be released soon.

The Office for Civil Rights at HHS, the chief federal healthcare privacy- and security-law enforcer and rule writer, has submitted "Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules" as a final rule the to the White House Office of Management and Budget, according to a posting on the OMB's website.

Typically, OMB review is the last step in the federal rulemaking process before official publication of the rule.

Advertisement | View Media Kit

 

The HIPAA omnibus rule will contain, essentially, regulations covering most of what is in the stimulus law, except the rule regarding the accounting of health information disclosures, which is on a separate rule-making track, according to Deven McGraw, a lawyer and the head of the Health Privacy Project at the Center for Democracy and Technology, a Washington think tank.

"The litany is long," McGraw said. "It's easier to think of what's not going to be in there."

The omnibus rule is expected to create regulations governing the use of patient information for marketing and contain a stimulus-law requirement prohibiting the sale of patient data without patient authorization. It also is expected to deal with a so-called "harm standard"—the subject of an earlier rulemaking misstep—for breach notification.

But for provider organizations, the most problematic new provision, in McGraw's view, will be the one addressing provider relationships with outside health information technology service providers, referred to as "business associates." The stimulus law expands business associates' direct liability under the HIPAA security rule and selectively expands their liability under the privacy rule, according to McGraw. A business associate agreement has "always been important," she said, "Now, they’re even more important, because now there is a mechanism to enforce it."


What do you think?

Share your opinion. Send a letter to the Editor or Post a comment below.

Post a comment

Loading Comments Loading comments...

Search ModernHealthcare.com:


 

Switch to the new Modern Healthcare Daily News app

For the best experience of ModernHealthcare.com on your iPad, switch to the new Modern Healthcare app — it's optimized for your device but there is no need to download.