HHS Proposal Would Strengthen HIPAA Privacy Rule

By John Wagley

A new proposed rule by The U.S. Department of Health and Human Services (HHS) would give people the right to learn who may have accessed their electronically stored healthcare information.

The changes would affect the Health Insurance Portability and Accountability (HIPAA) Act Privacy Rule, dividing a section pertaining to disclosure and accountability into two parts. One would set forth an individual’s right to an “accounting of disclosures”; another would pertain to people’s right to learn which employee or outside party may have accessed their information.

The proposal is partly an effort to implement statutory requirements under the Health Information Technology for Economic and Clinical Health “HITECH” ACT, according to HHS. HITECH, passed in 2009 largely to stimulate the use of electronic health records, mandates strengthening electronic record disclosure laws, according to HHS.

The proposal “represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information,” said Georgina Verdugo, director of HHS’ Office of Civil Rights, in a statement. OCR enforces HIPAA.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.