HHS has proposed a new federal healthcare information privacy rule to amend the Health Insurance Portability and Accountability Act of 1996. Reflecting changes Congress sought last year in the stimulus law, the proposed rule would give patients the right to restrict certain disclosures and ban the sale of patient data without patient consent, according to HHS.
Late News: HHS tweaking HIPAA
Rule would boost patients' rights, bans sale of data
An HHS announcement made jointly by David Blumenthal, head of the Office of the National Coordinator for Health Information
Technology, and Georgina Verdugo, director of the Office for Civil Rights, said the proposed rule would:
Establish new limitations on the use and disclosure of protected health information for marketing and fundraising purposes.
Expand individuals' rights to access their information.
Extend the applicability of the HIPAA privacy and security rule requirements to the business associates of covered entities.
Restrict certain disclosures of protected health information to health plans.
Strengthen and expand the Office for Civil Rights' ability to enforce HIPAA's privacy and security provisions.
A 60-day public comment period on the proposed rule opens July 14.
Also due soon from the ONC is a final regulation on standards and criteria by which electronic health-record systems will be tested and certified for eligibility in a stimulus law program subsidizing EHR purchases by providers. The regulation would ensure that EHRs contain the technical “capabilities to support needed privacy and security requirements,” according to the HHS statement.
The statement also said Joy Pritts, the chief privacy officer at the ONC, a position mandated by the stimulus law, “will play a key role in helping ONC design new policies to address privacy and security issues in every phase of health IT development and implementation.”
In addition, ONC staff members are working in conjunction with President Barack Obama's cybersecurity initiative “to solicit input from the best security minds in the federal government.” Based on these activities, according to the statement, “ONC will provide direction on security best practices and standards to technical and policy decisionmakers for inclusion in health information exchange programs.”
A stimulus law program run by the ONC to create a nationwide system of health IT regional extension centers to help providers select and implement EHR systems will educate providers about privacy and security measures, according to the statement.
Curriculum development centers, which are working to assemble educational materials for a stimulus-funded health IT workforce development program, also will incorporate “necessary information” into their programs, and federally funded state health information exchanges and Beacon Communities of health IT excellence “will provide living examples of how privacy and security are successfully implemented and brought to scale.”
The Chicago-based American Health Information Management Association congratulated HHS and the Office for Civil Rights on the new rules, writing in a statement that they “give healthcare consumers several advantages.”
“These proposed rules represent a striking of the difficult balance between improving appropriate health information access and transfer with the necessary confidentiality and security of that same information or data, and the very important inclusion of patients and their guardians in these activities,” the AHIMA statement said.
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.