Patients could gain greater access to their health information and have more power to limit disclosures of certain personal information to health plans under a new proposal from the Health and Human Services department.
The new requirements, announced July 8, are aimed at beefing up privacy and security, as the Obama administration pushes to get more physicians using electronic health records over the next few years.
“The benefits of health IT can only be fully realized if patients and providers are confident that electronic health information is kept private and secure at all times,” Georgina Verdugo, director of the HHS Office for Civil Rights, said in a statement. “This proposed rule strengthens the privacy and security of health information, and is an integral piece of the administration's efforts to broaden the use of health information technology in health care today.”
The proposal alters the Health Insurance Portability and Accountability Act (HIPAA) rules by setting new limits on the use of disclosure of protected health information for marketing and fundraising and by requiring business associates of HIPAA-covered entities to follow most of the same rules that covered entities follow. The proposal would also bar the sale of protected health information without explicit authorization from the patient.
The proposal also implements elements of the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, which requires physicians and other covered entities to grant patient requests to restrict certain information from their health plans.
Individuals can provide comments on the rule for 60 days, beginning on July 14.
HHS has also launched a new Web site that provides consumers with information on their privacy rights under existing regulations (www.hhs.gov/healthprivacy/index.html