Patients could gain greater access to their health information and have more power to limit disclosures of certain personal information to health plans under a new proposal from the Health and Human Services department.
The new requirements, which were announced in July, are aimed at beefing up privacy and security, as the Obama administration pushes to get more physicians using electronic health records over the next few years.
“The benefits of health IT can only be fully realized if patients and providers are confident that electronic health information is kept private and secure at all times,” Georgina Verdugo, director of the HHS Office for Civil Rights, said in a statement. “This proposed rule strengthens the privacy and security of health information, and is an integral piece of the administration's efforts to broaden the use of health information technology in health care today.”
The proposal alters the Health Insurance Portability and Accountability Act (HIPAA) rules by setting new limits on the use of disclosure of protected health information for marketing and fundraising and by requiring business associates of HIPAA-covered entities to follow most of the same rules that covered entities follow.
The proposal would also bar the sale of protected health information without explicit authorization from the patient.
The proposal also implements elements of the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, which requires physicians and other covered entities to grant patient requests to restrict certain information from their health plans.
For example, the proposed rule states that patients must be allowed to restrict protected health information if that information is related only to a service for which the patient paid in full and the information is not otherwise required by law to be reported.
Individuals can provide comments on the rule for a period of 60 days, which began on July 14. Along with the release of the proposed regulation, HHS has also launched a new Web site (http://www.hhs.gov/healthprivacy/index.html