The Department of Health and Human Services (HHS) plans to release in May a proposed rule strengthening existing privacy, security, and enforcement requirements for organizations handling patients’ health information, Healthcare IT News reports. The rule is required by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The rule also toughens related provisions in the Health Insurance Portability and Accountability Act (HIPAA) as the adoption of electronic health records (EHRs) and health information exchange (HIE) expands the number of organizations that may have access to personal data.

The proposed rule focuses on the liability of business associates of health care providers and plans; new limitations on the sale of protected health information; and stronger individual rights to access electronic medical records and restrict the disclosure of certain information, HHS said.

HHS published the May timeframe in its semiannual regulatory agenda in the April 26 Federal Register, but did not offer any other details.

Although the HITECH Act had called for the more robust protections to be effective in February, the proposed rule from HHS Office of Civil Rights (OCR), which oversees health information privacy, will identify the expected date of compliance and enforcement of the new requirements.

Other HITECH privacy and security provisions have already taken effect, including notification of a breach of personal health information to the individual, and in some cases to HHS, and stiffer fines for HIPAA privacy and security violations.

One Response to “Proposed HITECH Privacy Rule to be Released”

1. Mike Glaser Says:
   May 10th, 2010 at 5:57 am

   I wish that the Feds would themselves be as conscientious about protecting the privacy of our citizenry from Government abuse as they are in constantly handing down unfunded mandates ostensibly designed to protect “privacy” in the private sector. I’ve worked in healthcare for 21 years, and cannot recall a time when our office policy treated patient confidentiality in a cavalier manner. I’m certain that there have been occasional abuses of patient information within the industry, but not to the degree that would justify creating yet another bloated bureaucracy in the image and likeness of the “privacy police.” The greatest impact of the endless legislation and regulation forced upon the healthcare industry is to keep those who sponsor seminars employed and of course, to keep creating cash cows for lawyers. An ancient Roman senator is credited with the following, “corruptissima republica plurimae leges,” which translates to, “the more corrupt the republic, the more numerous the laws.” How appropriate are those words in times like these.

Add a Comment

Name (required)

Email Address (will not be published) (required)

Attention: AAPC does not regularly monitor comments posted here. For customer service issues, contact us. In addition, we recommend posting your questions to the AAPC forums.

CAPTCHA Code *