The long-awaited proposed changes to the HIPAA Privacy Rules have finally been released by the Department of Health and Human Services (HHS).
A joint statement issued today by the HHS and the Office of Civil Rights (OCR) says that the proposed regulations “would expand individuals’ rights to access their information and restrict certain disclosures of protected health information to health plans, extend the applicability of certain of the Privacy and Security Rules’ requirements to the business associates of covered entities, establish new limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without patient authorization. In addition, the proposed rule is designed to strengthen and expand OCR’s ability to enforce HIPAA’s Privacy and Security provisions. This rulemaking will strengthen the privacy and security of health information, and is an integral piece of the Administration’s efforts to broaden the use of health information technology in health care today. We urge consumers, providers, and other stakeholders to read these proposals and offer comments during the 60-day comment period, which will officially open on July 14, 2010. Information about posting comments will be available at http://www.regulations.gov.”
The 234 pages of proposed regulations can be found at Notice of Proposed Rulemaking to Implement HITECH Act Modifications and we are in the process of reviewing these regulations to provide our readers with further information.
Cynthia Larose is a member in Mintz Levin's Corporate Group and leads our Privacy and Security practice. She is a Certified Information Privacy Professional, working with clients in various industries to develop comprehensive information security programs on the front end, and providing timely counsel when it becomes necessary to respond to a data breach.