HHS Proposes Stricter Patient Privacy Rules
New rules have been proposed by the Department of Health and Human Services to strengthen patient privacy protections.
Computerworld/Bloomberg Businessweek: The proposed change to the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which "would let patients restrict access to certain health information and ban the sale of patient data without consent," was announced Thursday "by David Blumenthal, head of the Office of the National Coordinator (ONC) for Health Information Technology, and Georgina Verdugo, director of the Office for Civil Rights (OCR). In addition to boosting patient rights, the proposal would extend certain privacy and security rule requirements to business associates of organizations already covered by HIPAA rules, and establish new limitations on the use of protected health information for marketing and fundraising purposes" (Mearian, 7/8).
Government Health IT: "The proposal enlarges individuals' rights to access their information and restricts certain types of disclosures of protected information to health plans. And it requires business associates of HIPAA-covered entities to be under most of the same rules as the covered entities. The rule also sets new limitations on the use and disclosure of protected health information for marketing and fundraising and prohibits the sale of protected health information without the patient's authorization" (Robinson, 7/8).
Reuters: "Billing companies, customer service contractors and other businesses regularly handle private health records, but currently, they are not liable for information breaches. The proposed rule would treat these companies the same as doctors, hospitals and insurance companies that already face penalties for disclosing private information, such as a patient's medical or payment history. The maximum civil penalties are $50,000 per violation, and $1.5 million a year." HHS "also announced it would post summaries of all major breaches online" (Lentz, 7/8).
Modern Healthcare: "A 60-day public comment period on the proposed rule opens July 14. Also due soon from ONC is a final regulation on standards and criteria by which electronic health-records systems will be tested and certified for eligibility in a stimulus law program subsidizing EHR purchases by providers. The regulation would ensure that EHRs contain the technical 'capabilities to support needed privacy and security requirements,' according to the HHS statement" (Conn, 7/8).
CongressDaily/Nextgov: "Deven McGraw, director of the Center for Democracy and Technology's Health Privacy Project, noted the importance of strong privacy and security protections to the success of health IT. 'The public supports electronic health networks but they also have legitimate concerns about the privacy risks,' McGraw said in a statement on the proposed rules. 'The promise of health information technology to help reform our health care system will fail if policymakers don't take the public's privacy concerns seriously'" (Gruenwald, 7/8).