Tuesday, July 13, 2010

Privacy and Security Redux

A sixty-day comment period starts tomorrow on newly proposed regulations under HIPAA that would:
In addition, the proposed rule is designed to strengthen and expand the Office of Civil Rights' ability to enforce HIPAA’s Privacy and Security provisions. These rules are mandated by HITECH.

“Giving more Americans the ability to access their health information wherever, whenever and in whatever form is a critical first step toward improving our health care system,” said ONC's David Blumenthal. “Empowering Americans with real-time and secure access to the information they need to live healthier lives is paramount.”

HHS also launched today a privacy website at http://www.hhs.gov/healthprivacy/index.html.

“HHS strongly believes that an individual’s personal information is to be kept private and confidential and used appropriately by the right people, for the right reasons,” said Joy Pritts, recently appointed Chief Privacy Officer. “Without such assurances, an individual may be hesitant to share relevant health information.”

HHS is also looking more closely at entities that are not covered by HIPAA rules to understand better how they handle personal health information and to determine whether additional privacy and security protections are needed for these entities.

PHRs will be covered under HIPAA if they act on behalf of a covered entity. The rule does not apply to PHR vendors that provide services on behalf of the patient instead of the covered entity (e.g., Google, Microsoft).
