HHS attempts to strengthen HIPAA privacy rules with new NPRM
HHS Secretary Kathleen Sebelius addressed the new rules and resources to strengthen the privacy of health information and to help Americans understand their rights and the resources available to safeguard their personal health data.
Led by the Office of the National Coordinator for Health IT and the HHS Office for Civil Rights, HHS is working with public and private partners to ensure that, as health IT is expanded to drive improvements in the quality and effectiveness of the nation’s healthcare system, Americans can trust that their health information is protected and secure, according to the department.
The proposed rule, currently available for public comment, would strengthen and expand HIPAA privacy, security and enforcement rules by:
- Expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans;
- Requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
- Setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
- Prohibiting the sale of protected health information without patient authorization.
“To improve the health of individuals and communities, health information must be available to those making critical decisions, including individuals and their caregivers,” said Sebelius. “While health IT will help America move its healthcare system forward, the privacy and security of personal health data is at the core of all our work.”
The department also unveiled a privacy website to help visitors access information about ongoing HHS privacy efforts and the policies supporting them.
HHS is also looking more closely at entities that are not covered by HIPAA rules to understand better how they handle personal health information and to determine whether additional privacy and security protections are needed for these entities.
To view the proposed rule, click here.