HHS Proposes Additional Security Safeguards

Health and Human Services Secretary Kathleen Sebelius has announced important new rules and resources to strengthen the privacy of health information and to help all Americans understand their rights and the resources available to safeguard their personal health data. Led by the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR), HHS is working with public and private partners to ensure that, as we expand the use of HIT to drive improvements in the quality and effectiveness of our nation’s healthcare system, Americans can trust that their health information is protected and secure.

“To improve the health of individuals and communities, health information must be available to those making critical decisions, including individuals and their caregivers,” says Sebelius. “While health information technology will help America move its healthcare system forward, the privacy and security of personal health data is at the core of all our work.”

Through the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, current health information privacy and security rules will now include broader individual rights and stronger protections when third parties handle individually identifiable health information.

The proposed rule would strengthen and expand enforcement of HIPAA Privacy, Security, and Enforcement Rules by doing the following:

• expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans;
• requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
• setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
• prohibiting the sale of protected health information without patient authorization.

HHS is also looking more closely at entities that are not covered by HIPAA rules to understand better how they handle personal health information and to determine whether additional privacy and security protections are needed for these entities.

HHS also launched a privacy website at www.hhs.gov/healthprivacy.html to help visitors easily access information about existing HHS privacy efforts and the policies supporting them. The site emphasizes HHS’ deep commitment to privacy in the collection, use, and exchange of personally identifiable information. This new resource provides Americans with confidence that their personal information is secure and underscores HHS’ goal of greater openness and transparency in government.

The HITECH Act established the position of chief privacy officer in ONC. Joy Pritts recently assumed the new position and is leading HHS efforts to develop and implement privacy and security programs and polices related to electronic health information.

Source: Health and Human Services