WASHINGTON – The American Hospital Association would like to see some changes in the proposed federal rule for patient medical information breaches.
In a letter sent Friday to Health and Human Services Secretary Kathleen Sebelius, AHA officials said thay are endorsing the rule, but calling for "further improvements" to make it better.
The interim final rule implements the requirements from the Health Information Technology for Economic and Clinical Health (HITECH) Act for hospitals and other Health Insurance Portability and Accountability Act (HIPAA) covered entities and their business associates to notify individuals when a breach of their unsecured personal health information occurs.
AHA officials would like the HHS to identify additional situations in which the department considers the privacy or security of information not to be compromised and, therefore, would not trigger the obligation to provide notice under the breach notification regulations.
They would also like the HHS to rescind its guidance that a covered entity must determine whether each of its business associates is an agent to understand when knowledge of that business associate’s breach will be imputed directly to the covered entity.
The AHA letter also calls on the HHS to create a way for covered entities to electronically notify them of breaches affecting fewer than 500 people.
The AHA represents more than 5,000 hospitals, health systems and other healthcare organizations and 40,000 individual members.
The HHS interim final rule on Breach Notification for Unsecured Protected Health Information was published in the August 24 Federal Register.
