HIPAA Privacy Regs to Be Reset
The Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services (HHS) submitted, March 24, “Modifications to the HIPAA Privacy, Security Enforcement and Breach Notification Rules” as a final rule to the White House Office of Management and Budget (OMB). The new rules will enforce more stringent privacy regulations outlined in the American Recovery and Reinvestment Act of 2009.
The rule officiates regulations in the Health Information Technology for Economic and Health (HITECH) Act, most of which were implemented in 2009 through last year; however, this final rule contains more specific regulations, and the OMB review is the final review before laws take effect.
According to ModernHealthcare.com, the new rule creates regulation governing the use of patient information for marketing and contains a stimulus law prohibiting the sale of patient data without patient authorization. The rule also defines a “harm standard” for breach notification, and provides means to enforce business associate agreements with vendors, especially outside health information technology providers.