The U.S. Department of Health and Human Services (HHS) proposed a new federal healthcare information privacy rule yesterday that would expand patients' rights to access their information and restrict certain types of disclosures of protected health information to health plans, according to InformationWeek.
The proposed rule is part of the Obama administration's plan for every citizen to have an electronic medical record by 2014.
The changes are also a response to the Health Information Technology for Economic and Clinical Health (HITECH) Act, which requires HHS to change the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules by strengthening the privacy and security protections for health information.
The proposed rule would strengthen and expand HIPAA privacy, security and enforcement rules by:
- Expanding individuals' rights to access their information and to restrict certain kinds of disclosures of protected health information to health plans;
- Requiring business associates of HIPAA-covered entities to follow most of the same rules as the covered entities;
- Setting new limitations on the use and disclosure of protected health information for marketing and fund raising; and
- Prohibiting the sale of protected health information without patient authorization.
HHS also unveiled a Health Data Privacy and Security Resources website where you can learn about HHS privacy policies.
To learn more:
- read the proposed rule issued by HHS on July 8
- read this Computerworld article via Businessweek
- check out the DOTmed News account
- take a look at CMIO's article
- read the InformationWeek story
Tougher penalties for HIPAA violations
HIPAA rule allowing patient info to be used for fundraising solicitation comes under fire
OCR sets rules for sharing HIPAA breach information