HHS issued guidance on protecting personally identifiable healthcare information by encrypting or destroying it so that it is rendered unusable, unreadable or indecipherable to unauthorized individuals. The 20-page document was the work of a joint effort by HHS, its Office of the National Coordinator for Health Information Technology and Office for Civil Rights, and the CMS. The guidance was required by the stimulus package and is linked to a pair of breach-notification regulations required under the legislation. One is to be issued by HHS, the other by the Federal Trade Commission. Previously, the FTC issued an interim rule and a request for comments covering breach notification by personal health-record vendors and other entities not covered by the privacy and security provisions of the Health Insurance Portability and Accountability Act of 1996 (See story, p. 10). HHS also requests public comments on the proposed rulemaking due by May 21.
Late News: HHS offers guidance on protecting health information
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.