The Department of Health & Human Services has proposed modification to the HIPAA Privacy, Security and Enforcement Rules. The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, is designed to promote the widespread adoption and standardization of health information technology, and requires HHS to modify the HIPAA Privacy, Security, and Enforcement Rules to strengthen the privacy and security protections for health information and to improve the workability and effectiveness of the HIPAA Rules.
The proposed rule would:
-
expand individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans.
-
require business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
-
set new limitations on the use and disclosure of protected health information for marketing and fundraising; and
-
prohibit the sale of protected health information without patient authorization.
In addition, the proposed rule adopts provisions designed to strengthen and expand HIPAA’s enforcement provisions.
Changes proposed in the new rule are authorized under the HITECH Act. The rule will be officially published in the Federal Register on July 14.
Click here to view the proposed rule.
