HHS Proposes Tighter HIPAA Privacy Rule
The Department of Health and Human Services (HHS) Thursday released a proposed rule to modify the HIPAA privacy, security, and enforcement rules, extending HIPAA compliance requirements to subcontractors of business associates (BA) and strengthening patient rights to health information privacy.
According to the Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules for HHS, the proposed 'significant' modifications include:
- A requirement that BAs of HIPAA-covered entities be under most of the same rules as the covered entities
- New limitations on the use and disclosure of protected health information (PHI) for marketing and fundraising purposes
- Prohibition of the sale of PHI without an authorization
- Expansion of individuals' rights to access their information and to restrict certain types of disclosures of PHI to health plans
- Provisions that strengthen and expand HIPAA's enforcement rule
- Privacy protection now only extends 50 years after the death of the patient
- Covered entities can charge costs associated with providing an individual ePHI on electronic media — the cost of a flash drive or CD, for example
- Strong case examples on breaches
The proposed rule is required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law by President Barack Obama, February 17, 2009. The Act was part of the $787 billion economic American Recovery and Reinvestment Act of 2009, which includes provisions for heightened enforcement of HIPAA and stiffer penalties for privacy and security violations.
HHS will receive comments for up to 60 days after the proposal's July 14 publication in the Federal Register, after which it will release an interim final rule. HHS says it will give covered entities and BAs 180 days after the final rule is in effect to comply with most of the provisions.
Frank Ruelas, director of compliance and risk management at Maryvale Hospital and principal of the HIPAA Boot Camp in Casa Grande, AZ, says some of the major points in the proposed rule include:
- As Medicare Advantage Cuts Loom, Disagreement Over Program's Stability
- Surgical Checklists Unused in 10% of Hospitals, CMS Data Shows
- Doctors Feel Pressure to Accept Risk-based Reimbursement
- A Fresh Look at End-of-Life Care
- 3 Insider Tips on Cutting Costs without Strangling Growth
- Heart Attack Patient Costs Skyrocket Beyond 30 Days
- 3 in 4 Patients Want E-mail Consultations
- 4 Tectonic Shifts Shaking Up Healthcare
- ACGME Chief Sees 'Huge' Risk of Error in Proposed Assistant Physician Licensure
- CVS Ramps Up Retail Clinics with Provider Affiliations