Tag Archives: Privacy

SAMHSA Proposes Revisions to Substance Abuse Records Privacy Protections to Support Delivery Reform

The Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule on February 9, 2016 that is intended to modernize regulations governing the confidentiality of substance abuse records to ensure that patients with substance use disorders have the ability to participate in new integrated health care models that emphasize coordinated care while addressing … Continue Reading

White House Releases Proposed Precision Medicine Initiative Privacy Framework

Earlier this year, President Obama launched a high-profile “Precision Medicine Initiative” (PMI) to develop treatments, diagnostics, and prevention strategies tailored to the individual genetic characteristics of each patient.  On July 8, 2015 the White House released for public comment a draft document entitled “Precision Medicine Initiative: Proposed Privacy and Trust Principles,” which provides broad guidance … Continue Reading

Congressional Health Policy Hearings

The following Congressional panels have held hearings recently on various health policy issues: The House Science, Space, and Technology Committee held a hearing entitled, “Can Americans Trust the Privacy and Security of their Information on HealthCare.gov?”; The Senate Health, Education, Labor and Pensions (HELP) Committee held a hearing on the reemergence of vaccine-preventable diseases; and The Energy … Continue Reading

GAO Calls for Improvements to Healthcare.gov Information Security and Privacy Controls

The Government Accountability Office (GAO) has assessed the effectiveness of CMS controls intended to protect the security and privacy of the information and information technology (IT) systems used to support Healthcare.gov. The GAO determined that while CMS has taken steps to protect Healthcare.gov security and privacy, “weaknesses remain both in the processes used for managing … Continue Reading

HHS OCR Releases HIPAA Privacy Rule Guidance Documents

As reported on our sister blog, http://www.lifescienceslegalupdate.com/, the HHS Office for Civil Rights (OCR) has made a number of recent announcements regarding HIPAA Privacy Rule implementation. First, OCR has issued guidance on how the changes to the HIPAA Privacy Rule’s marketing provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act and … Continue Reading

Congressional Health Policy Hearings

Recent Congressional hearings on health policy issues include the following: A House Energy and Commerce Health Subcommittee a hearing entitled “PPACA Pulse Check: Part 2,” focusing on ACA readiness and implementation issues (Part 1 of the hearing was on August 1, 2013).  A House Homeland Security Cybersecurity Subcommittee hearing on “The Threat to Americans’ Personal … Continue Reading

HHS Considering HIPAA Privacy Rule Amendments to Allow Reporting of Mental Health Data to National Instant Criminal Background Check System

HHS is soliciting comments on whether to amend the HIPAA Privacy Rule to expressly permit covered entities holding information about the identities of individuals who are disqualified from possessing or receiving firearms on mental health grounds to disclose limited information to the National Instant Criminal Background Check System. Comments on the rule will be accepted … Continue Reading

It’s Here: OCR Releases Long Awaited HIPAA/HITECH Final Rule

The Office for Civil Rights ("OCR") of the Department of Health and Human Services released today the long awaited, and much anticipated, omnibus final rule modifying the HIPAA Privacy, Security, Breach and Enforcement Rules. The final rule, which implements the statutory requirements of the Health Information Technology for Economic and Clinical Health Act ("HITECH") and the Genetic Information Nondiscrimination Act ("GINA"), is comprised of four final rules and addresses the July 2010 HITECH proposed rule, the Breach Notification and Enforcement interim final rules, as well as the October 2009 GINA proposed rule (collectively, the "HITECH Final Rule"). Notably, the HITECH Final Rule does not address the May 2011 proposed accounting and access report rule.… Continue Reading

Obama Administration’s Regulatory Agenda Points to Busy 2013 for HHS

On January 8, 2013, the Obama Administration published its latest semiannual regulatory agenda, outlining planned regulatory initiatives in a number of policy areas. The Federal Register version of the agenda includes only a portion of the regulations in the pipeline, however; the full agenda has been posted on the Office of Management and Budget (OMB) web … Continue Reading

Awaiting the Final HITECH Rule: HURRY UP AND WAIT!

As the year draws to a close, industry is speculating about the release date of the long-awaited Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule, which is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules. While the publication date has not yet been announced, it is … Continue Reading

OCR Issues Guidance on De-identifying Protected Health Information

The HHS Office of Civil Rights (OCR) recently released guidance on methods to de-identify protected health information in compliance with the HIPAA Privacy Rule. The guidance, which is summarized on the Reed Smith’s Life Sciences Legal Update blog, is intended to assist covered entities and business associates in understanding what de-identification is and how de-identified … Continue Reading

ONC Invites Comments on Stage 3 Meaningful Use Policy

The Office of the National Coordinator for Health Information Technology (ONC) has issued a Request for Comment (RFC) on Stage 3 meaningful use recommendations, which will “target a collaborative model of care with shared responsibility and accountability.” In releasing the RFC, the ONC acknowledges “today’s challenges in setting up data exchanges,” but recommends that Stage … Continue Reading

OIG Recommends Improvements to CMS Response to Health Information Breaches

The OIG has given the CMS mixed reviews regarding the extent to which it meets American Recovery and Reinvestment Act (Recovery Act) requirements to notify affected beneficiaries when the privacy or security of their protected health information is compromised. In the report, “CMS Response to Breaches and Medical Identity Theft,” the OIG assesses how CMS … Continue Reading

GAO Examines HHS Action on Privacy and Security of Prescription Drug Data

The GAO has issued a report entitled “Prescription Drug Data: HHS Has Issued Health Privacy and Security Regulations but Needs to Improve Guidance and Oversight.” The report assesses the extent to which HHS has established a framework to ensure the privacy and security of Medicare beneficiaries’ protected health information when data on prescription drug use … Continue Reading

New ONC Health IT Resources

The HHS Office of the National Coordinator for Health Information Technology (ONC) has released a “Guide to Privacy and Security of Health Information,” which is designed to help practitioners, staff, and other professionals better understand the role privacy and security play in the use of electronic health records (EHRs) and Meaningful Use. In addition, the … Continue Reading

Mobile Devices Roundtable: Safeguarding Health Information (March 16)

On March 16, 2012, HHS is hosting a Mobile Devices Roundtable on “Real World Usages and Real World Privacy & Security Practices.”  The roundtable will: address the current privacy and security legal framework for mobile devices accessing, storing and/or transmitting health information; discuss real world usage of mobile devices by providers and other health care … Continue Reading

Congressional Health Policy Hearings & Markups

A number of Congressional committees have held hearings recently on health policy issues, including the following: A House Energy and Commerce Health hearing entitled “Do New Health Law Mandates Threaten Conscience Rights and Access to Care?”; A Senate Judiciary Subcommittee on Privacy, Technology and the Law hearing on “Your Health and Your Privacy: Protecting Health … Continue Reading

CMS Proposes Direct Patient Access to Lab Results

On September 14, 2011, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule amending the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rules to give patients (and the patient’s representatives) direct access to the patient’s own clinical laboratory test result … Continue Reading

Final Federal Health IT Strategic Plan

The HHS Office of the National Coordinator for Health Information Technology (ONC) has released the final “Federal Health IT Strategic Plan.” The plan describes how the government will promote the meaningful use of health information technology (IT); use IT to improve care and population health while reducing costs; protect the privacy and security of electronic health … Continue Reading

OIG Reports on the Security of Electronic Patient Health Information

The OIG has released two reports on health information technology (HIT) security issues. The first report is entitled “Nationwide Rollup Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight.” The review, involving seven hospital audits, the OIG concluded that CMS’s oversight and enforcement actions were not sufficient to ensure … Continue Reading

HHS Proposes Implementation of the HIPAA Privacy Rule’s Standard for Accounting of Health Information Disclosures

This post was originally written for the Life Sciences Legal Update blog by Gina M. Cavalier, Vicky G. Gormanly and Brad M. Rostolsky. Pursuant to the HITECH Act, covered entities and business associates must account for disclosures of PHI for treatment, payment and health care operations if the disclosures are through an electronic health record. This … Continue Reading