The HIPAA/HITECH Megarule Published and in Effect March 26

The U.S. Department of Health and Human Services (HHS) moved forward today to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The final omnibus rule, published today in the Federal Register, greatly enhances a patient’s privacy protections, provides individuals new rights to […]

Read the rest of this entry »
GoTo top Top

OCR Makes Annual Report on HIPAA Privacy and Security Rule Compliance

In its annual report to Congress, the Office for Civil Rights (OCR) said it is developing audit protocol to conduct audits of up to 145 covered entities in an ongoing effort to enforce the privacy and security rules of HIPAA. The Office for Civil Rights of the Department of Health and Human Services (HHS) is […]

Read the rest of this entry »
GoTo top Top

HHS Proposes Expansion of Individuals’ Right to ‘Access Reports’ on Their Medical Data

The Department of Health and Human Services (HHS) is currently receiving public commentary on a proposed rule to expand the right of individuals to demand and receive "access reports" identifying who accessed their protected health information and why. Under the Health Insurance Accountability and Portability Act (HIPAA) of 1996, individuals currently have a right to […]

Read the rest of this entry »
GoTo top Top

HHS to Release Final HIPAA Privacy, Security Rules by Year-End

The Department of Health and Human Services (HHS) is aiming to release its long-awaited (and consolidated) Final Rule on the HIPAA privacy and security rules by the end of 2011, it was announced by Susan McAndrew, deputy director in the HHS Office for Civil Rights (OCR). The revamped regulations for the privacy and security rules […]

Read the rest of this entry »
GoTo top Top

Data Breaches Now Affect 10 Million Americans, OCR Reports

The Office of Civil Rights (OCR), the unit of the Department of Health and Human Services (HHS) responsible for monitoring health information breaches, recently reported that the total number of Americans affected by large data breaches has surpassed 10 million individuals. With the enactment of the Health Information Technology for Economic and Clinical Health Act […]

Read the rest of this entry »
GoTo top Top

HHS Sends Disclosure Rule to OMB for Review, Expands Patients’ Rights

The Department of Health and Human Services (HHS), despite a health industry outcry, has forwarded to the Office of Management and Budget (OMB) a proposed rule allowing patients to request information about the disclosure of their protected health information (PHI). An OMB review can take anywhere from one to 90 days to complete. After that, […]

Read the rest of this entry »
GoTo top Top

Suspended Breach Notification Rule Remains in Effect

Though on Aug. 4 it withdrew its Interim Final Rule regarding HIPAA security breach notifications, the Department of Health and Human Services (HHS) has since clarified on its Web site that the suspended rule of Sept. 23, 2009, remains in effect. "This is a complex issue and the Administration is committed to ensuring that individuals’ […]

Read the rest of this entry »
GoTo top Top

HHS Suspends Breach Rule for Further Review

Coming under criticism for allowing covered entities (in this case, those health care providers and others who maintain health records) to police themselves in matters of maintaining the privacy of Protected Health Information (PHI), the Department of Health and Human Services (HHS) has withdrawn its breach rule of September 2009. The already-in-effect interim final rule, […]

Read the rest of this entry »
GoTo top Top

More Clarity on HITECH Provisions Promised Soon

Though HITECH (the Health Information Technology for Economic and Clinical Health act) took full effect this past Feb. 17, provisions regarding business associates were still vague, as we noted at the time. Now, the Office of Civil Rights (OCR) in the Department of Health and Human Services (HHS), the law’s oversight agency, is promising to […]

Read the rest of this entry »
GoTo top Top

HHS Begins Listing Medical Record Breaches on Web

As required by law, the Department of Health and Human Services (HHS) has begun publicly listing breaches of private health information (PHI), generally in medical records, when the breach totals 500 or more individuals. Though breach notification rules under HITECH (Health Information Technology for Economic and Clinical Health Act) went into effect in September 2009, a […]

Read the rest of this entry »
GoTo top Top