Computerworld - The U.S. Department of Health and Human Services (HHS) has proposed a new federal healthcare information privacy rule that would let patients restrict access to certain health information and ban the sale of patient data without consent.
The proposed plan to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was announced today by David Blumenthal , head of the Office of the National Coordinator (ONC) for Health Information Technology, and Georgina Verdugo, director of the Office for Civil Rights (OCR).
Blumenthal said during a press conference that the ONC is also working with White House Cyber Security Chief Howard Schmidt on a government-wide private security initiative that will prioritize health care for security improvement with respect to cyber-information.
We want to take full advantage of & what's known within the federal government about protection and security of information, Blumenthal said. Meaningful use & will be defined in regulation very shortly [and] will have related obligations for providers of care in terms of how they maintain the security of the health information that they collect electronically.
In addition to boosting patient rights, the proposal would extend certain privacy and security rule requirements to business associates of organizations already covered by HIPAA rules, and establish new limitations on the use of protected health information for marketing and fundraising purposes.
The new rules proposition will enter a 60-day comment period beginning July 14. Information on how to post comments about the proposal will be available at http://www.regulations.gov.
Verdugo said the new rules would strengthen and expand OCR's ability to enforce HIPAA's Privacy and Security provisions, which is particularly important in light of ongoing efforts to push the adoption of electronic health records (EHRs).
"As we enter in to a new age of electronic health information exchange [it] is more important than ever to ensure greater consumer confidence in the privacy and security of their health information and the industry's use of new technology," she said.
Bill Fawns, director of IT services for the County of Kern, Calif. and interim CIO at the Kern Medical Center in Bakersfield, said current HIPAA rules are adequate and there is no need for additional regulation.
"To be candid, I think there are plenty of rules in place," he said. "In fact, we're constantly meeting with our compliance officer to make sure we're complying with all the regulations. It's hard for me to imagine the sale of patient medical information that isn't de-identified. If it's de-identified, what loss is there to have it out there?"
"And if they're selling patient information that isn't de-identified, then they must have found a loophole in laws that we haven't seen," he added.
It's 2020. The at-home telemedicine robot reminds me it's time for the doctor to check how well the burn on my arm is healing. The specialist is in a clinic located more than 45 miles away, but she thoroughly examines my arm through a wound assessment device built into the robot. After the consultation, my smart band reminds me that the mobile health vehicle will be at my workplace, and I should stop by to get my flu shot. I quickly acknowledge my medication reminder alert, take my meds, and then hop into my driverless smart car.
Free Insider Guide