Health Information Management

HHS proposes 'significant' changes to HIPAA privacy, security, and enforcement

HIM-HIPAA Insider, July 20, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

On July 8 HHS released a proposed rule to modify the HIPAA privacy, security, and enforcement rules, extending HIPAA compliance requirements to subcontractors of business associates (BA) and strengthening patient rights to health information privacy.

According to the Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules for HHS, the proposed ‘significant’ modifications include:

  • A requirement that BAs of HIPAA-covered entities be under most of the same rules as the covered entities
  • New limitations on the use and disclosure of protected health information (PHI) for marketing and fundraising purposes
  • Prohibition of the sale of PHI without an authorization
  • Expansion of individuals’ rights to access their information and to restrict certain types of disclosures of PHI to health plans
  • Provisions that strengthen and expand HIPAA’s enforcement rule

The proposed rule is required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law by President Barack Obama, February 17, 2009. The Act was part of the $787 billion economic American Recovery and Reinvestment Act of 2009, which includes provisions for heightened enforcement of HIPAA and stiffer penalties for privacy and security violations.

HHS will receive comments for up to 60 days after the proposed rule’s July 14 publication in the Federal Register, after which it will release an interim final rule. HHS says it will give covered entities and BAs 180 days after the final rule is in effect to comply with most of the provisions.

To read more, visit the HIPAA Update blog.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular