HHS Proposes Changes to HIPAA

Privacy is not something that I’m merely entitled to; it’s an absolute prerequisite.

– Marlon Brando

On July 8th, the Department of Health and Human Services (HHS) announced that it was proposing changes to Health Insurance Portability and Accountability Act’s (HIPAA’s) privacy rules. These changes flow from the HITECH Act of 2009 which expanded the protections governed by HIPAA.

The changes include:

• Expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans
• Requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities
• Setting new limitations on the use and disclosure of protected health information for marketing and fundraising
• Prohibiting the sale of protected health information without patient authorization

Not enough, you say?  The HHS added that:

“HHS also looking more closely at entities that are not covered by HIPAA rules to understand better how they handle personal health information and to determine whether additional privacy and security protections are needed for these entities [emphasis added].”

I don’t know about you, but the people I know tend to fall into three buckets:  1) People that only divulge health information when strictly required and/or under duress, 2) People that speak fairly openly but only in general terms, and 3) People that feel the need to discuss specifics about all of their health issues with anyone within a 10-foot blast radius.  These proposed changes will be welcome news to the first two buckets at least.

Oh, and here’s a useful resource from HHS if you’re interested in the full scope of rules and laws about protected information and security:  A Summary of Selected Federal Laws and Regulations Addressing Confidentiality, Privacy and Security.

Related articles by Zemanta

• ONC announces HITECH amendments to HIPAA privacy, security and enforcement rules (healthblawg.typepad.com)
• “HHS Issues Modifications to the HIPAA Privacy, Security and Enforcement Rules” and related posts (huntonprivacyblog.com)
• HHS Proposes Patient Privacy Rules (informationweek.com)

This is some text prior to the author information. You can change this text from the admin section of WP-Gravatar  To change this standard text, you have to enter some information about your self in the Dashboard -> Users -> Your Profile box. Read more from this author