The U.S. Department of Health and Human Services (HHS) has announced new rules and resources to strengthen the privacy of health information. The changes, published on July 8, would expand the scope of HIPAA and strengthen its enforcement capabilities.
The proposed rules are intended to support the adoption and use of health IT by adding broader individual rights and stronger protections when third parties handle individually identifiable health information, according to HHS.
The proposed regulations would:
- Expand individuals' rights to access their information
- Restrict certain disclosures of protected health information to health plans
- Extend the applicability of some of HIPAA's privacy and security rules to business associates of covered entities
- Establish new limitations on the use and disclosure of protected health information for marketing and fundraising purposes
- Prohibit the sale of protected health information without patient authorization
The proposed rules are also designed to strengthen and expand the HHS Office for Civil Rights to enforce HIPAA's privacy and security provisions, according to a joint statement from David Blumenthal, MD, national coordinator for health IT, and Georgina Verdugo, director of the Office for Civil Rights.
HHS is soliciting comments about the proposal during a 60-day time period starting July 14. The 234-page document may be accessed by clicking here.
Related Reading
Is your office copier a hole in your HIPAA security plan? June 2, 2010
HHS releases breach notification rules, August 20, 2009
HHS provides health information protection guidance, April 21, 2009
Copyright © 2010 AuntMinnie.com
