HHS Announces New Health Information Privacy, Security Rules

WASHINGTON—U.S. Department of Health and Human Services (HHS) Secretary Kathleen Sebelius announced July 8 new rules and resources to strengthen the privacy of health information and to help all Americans understand their rights and the resources available to safeguard their personal health data

Through the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, current health information privacy and security rules will now include broader individual rights and stronger protections when third parties handle individually identifiable health information.

The proposed rule would strengthen and expand enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules by:

  • Expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans.
  • Requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
  • Setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
  • Prohibiting the sale of protected health information without patient authorization.

HHS is also looking more closely at entities that are not covered by HIPAA rules to understand better how they handle personal health information and to determine whether additional privacy and security protections are needed for these entities.

HHS also launched a privacy website at http://www.hhs.gov/healthprivacy/index.html to help visitors easily access information about existing HHS privacy efforts and the policies supporting them.

The HITECH Act established the position of Chief Privacy Officer in ONC. Joy Pritts recently assumed the new position and is leading HHS efforts to develop and implement privacy and security programs and polices related to electronic health information.

For more information about the proposed rule announced today visit http://www.ofr.gov/OFRUpload/OFRData/2010-16718_PI.pdf.  

For other HHS Recovery Act programs, see http://www.hhs.gov/recovery/programs/index.html#Health.

To read the full press release, visit http://www.hhs.gov/news/press/2010pres/07/20100708c.html.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Tagged with: HIPAA HITECH Privacy

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo