WASHINGTON – In the wake of increased healthcare IT adoption, this year saw increased focus on patient privacy.
Department of Health and Human Services Secretary Kathleen Sebelius announced on July 8 a 234-page notice of proposed rulemaking on health IT privacy and security that promises to strengthen existing laws.
The rulemaking was mandated under the HITECH portion of the American Recovery and Reinvestment Act of 2009.
Sebelius said the new rules are part of an effort led by the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) to ensure Americans trust personal health data exchange. The proposed rules are designed to strengthen and expand enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules, she said.
Deborah Peel, MD, founder of Patient Privacy Rights called the proposal "a pro-privacy, patient-centered approach to personal health information (PHI)."
"Putting patients in control of PHI is the only route to prevent wasting billions in stimulus funds on HIT systems that destroy privacy and to stop the theft, misuse and sale of PHI in today’s primitive HIT systems and data exchanges," Peel said.
Rita Bowen, president of the American Health Information Management Association board of directors, said the proposal would help to make "accurate health information available where and when it is needed to treat patients."
The proposed rules include measures to expand individuals’ rights to access their information and to restrict certain types of disclosures of protected health information. It requires business associates of HIPAA-covered entities to be under most of the same rules as the covered entities, and it sets new limitations on the use and disclosure of protected health information for marketing and fund raising. It also prohibits the sale of protected health information without patient authorization.
"Giving more Americans the ability to access their health information wherever, whenever and in whatever form is a critical first step toward improving our healthcare system,” said David Blumenthal, MD, national coordinator for health information technology. "Empowering Americans with real-time and secure access to the information they need to live healthier lives is paramount," he said.
The rule was published in the July 14 issue of the Federal Register, with public comments due by Sept. 13. A final rule was expected to come in late fall.
