The U.S. Department of Health and Human Services (HHS) has issued guidance that specifies the technologies and methodologies that render protected health information (PHI) unusable, unreadable, or indecipherable to unauthorized individuals.
The guidance relates to two forthcoming breach notification regulations -- one to be issued by the HHS for covered entities and their business associates under HIPAA and another to be issued by the U.S. Federal Trade Commission for vendors of personal health records and other entities not covered by HIPAA. If the entities subject to the regulations apply the technologies and methodologies specified in the guidance to secure information, they will not be required to provide the notifications required by the regulations in the event of an information breach.
The guidance was required by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009. It was developed through a joint effort by the HHS Office for Civil Rights, Office of the National Coordinator for Health Information Technology, and Centers for Medicare and Medicaid Services.
HITECH requires these regulations to be published within 180 days of enactment, according to the HHS.
In other developments, the HHS has also issued a request for information to solicit public comment on the breach notification provisions of the HITECH act. Both the guidance and request for information can be reached by clicking here.
Related Reading
Senate questions HHS nominee on medical imaging, April 17, 2009
Inclusive Obama healthcare approach invites a fight, March 6, 2009
Health spending takes rising share of U.S. economy, February 25, 2009
Proposal envisions new U.S. health insurance program, February 20, 2009
Obama stimulus package allocates $20 billion to healthcare IT, February 19, 2009
Copyright © 2009 AuntMinnie.com
