HHS is soliciting comments on whether to amend the HIPAA Privacy Rule to expressly permit covered entities holding information about the identities of individuals who are disqualified from possessing or receiving firearms on mental health grounds to disclose limited information to the National Instant Criminal Background Check System. Comments on the rule will be accepted
Privacy
It’s Here: OCR Releases Long Awaited HIPAA/HITECH Final Rule
The Office for Civil Rights (“OCR”) of the Department of Health and Human Services released today the long awaited, and much anticipated, omnibus final rule modifying the HIPAA Privacy, Security, Breach and Enforcement Rules. The final rule, which implements the statutory requirements of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the Genetic Information Nondiscrimination Act (“GINA”), is comprised of four final rules and addresses the July 2010 HITECH proposed rule, the Breach Notification and Enforcement interim final rules, as well as the October 2009 GINA proposed rule (collectively, the “HITECH Final Rule”). Notably, the HITECH Final Rule does not address the May 2011 proposed accounting and access report rule.
Continue Reading It’s Here: OCR Releases Long Awaited HIPAA/HITECH Final Rule
Obama Administration’s Regulatory Agenda Points to Busy 2013 for HHS
On January 8, 2013, the Obama Administration published its latest semiannual regulatory agenda, outlining planned regulatory initiatives in a number of policy areas. The Federal Register version of the agenda includes only a portion of the regulations in the pipeline, however; the full agenda has been posted on the Office of Management and Budget (OMB) web site. Major Department of Health and Human Services (HHS) regulations are highlighted after the jump.Continue Reading Obama Administration’s Regulatory Agenda Points to Busy 2013 for HHS
OCR Announces First HIPAA Breach Settlement Involving Less than 500 Individuals
The HHS Office for Civil Rights recently announced its first settlement and corrective action plan following a HIPAA breach affecting fewer than 500 individuals. Additional information about the settlement is available on Reed Smith’s Life Sciences Legal Update blog.
Awaiting the Final HITECH Rule: HURRY UP AND WAIT!
As the year draws to a close, industry is speculating about the release date of the long-awaited Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule, which is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules. While the publication date has not yet been announced, it is…
OCR Issues Guidance on De-identifying Protected Health Information
The HHS Office of Civil Rights (OCR) recently released guidance on methods to de-identify protected health information in compliance with the HIPAA Privacy Rule. The guidance, which is summarized on the Reed Smith’s Life Sciences Legal Update blog, is intended to assist covered entities and business associates in understanding what de-identification is and how…
ONC Invites Comments on Stage 3 Meaningful Use Policy
The Office of the National Coordinator for Health Information Technology (ONC) has issued a Request for Comment (RFC) on Stage 3 meaningful use recommendations, which will “target a collaborative model of care with shared responsibility and accountability.” In releasing the RFC, the ONC acknowledges “today’s challenges in setting up data exchanges,” but recommends that…
OIG Recommends Improvements to CMS Response to Health Information Breaches
The OIG has given the CMS mixed reviews regarding the extent to which it meets American Recovery and Reinvestment Act (Recovery Act) requirements to notify affected beneficiaries when the privacy or security of their protected health information is compromised. In the report, “CMS Response to Breaches and Medical Identity Theft,” the OIG assesses…
GAO Examines HHS Action on Privacy and Security of Prescription Drug Data
The GAO has issued a report entitled “Prescription Drug Data: HHS Has Issued Health Privacy and Security Regulations but Needs to Improve Guidance and Oversight.” The report assesses the extent to which HHS has established a framework to ensure the privacy and security of Medicare beneficiaries’ protected health information when data on prescription…
HHS Resources on Patient Access to Health Data
The HHS Office of Civil Rights has released a number of resources to reinforce an individual’s right to access their personal medical information, including: a Right to Access Memo, "The Right to Access and Correct Your Health Information" Video, and "Your Health Information Privacy Rights" Pamphlet. The OCR notes that while HIPAA has always included…
New ONC Health IT Resources
The HHS Office of the National Coordinator for Health Information Technology (ONC) has released a “Guide to Privacy and Security of Health Information,” which is designed to help practitioners, staff, and other professionals better understand the role privacy and security play in the use of electronic health records (EHRs) and Meaningful Use. In…
Mobile Devices Roundtable: Safeguarding Health Information (March 16)
On March 16, 2012, HHS is hosting a Mobile Devices Roundtable on “Real World Usages and Real World Privacy & Security Practices.” The roundtable will: address the current privacy and security legal framework for mobile devices accessing, storing and/or transmitting health information; discuss real world usage of mobile devices by providers and other health care…
OCR Launches HIPAA Privacy and Security Audits
To implement the HITECH Act’s mandate for the HHS Office for Civil Rights (OCR) to perform HIPAA audits, OCR has just announced that it is piloting a program to perform up to 150 audits of covered entities to assess privacy and security compliance. The pilot phase will include an initial 20 audits between November…
Congressional Health Policy Hearings & Markups
A number of Congressional committees have held hearings recently on health policy issues, including the following:
- A House Energy and Commerce Health hearing entitled “Do New Health Law Mandates Threaten Conscience Rights and Access to Care?”;
- A Senate Judiciary Subcommittee on Privacy, Technology and the Law hearing on “Your Health and Your Privacy: Protecting Health
…
CMS Proposes Direct Patient Access to Lab Results
On September 14, 2011, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule amending the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rules to give patients (and the patient’s representatives) direct access to the patient’s own clinical laboratory test result…
Final Federal Health IT Strategic Plan
The HHS Office of the National Coordinator for Health Information Technology (ONC) has released the final “Federal Health IT Strategic Plan.” The plan describes how the government will promote the meaningful use of health information technology (IT); use IT to improve care and population health while reducing costs; protect the privacy and security of electronic…
OIG Reports on the Security of Electronic Patient Health Information
The OIG has released two reports on health information technology (HIT) security issues. The first report is entitled “Nationwide Rollup Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight.” The review, involving seven hospital audits, the OIG concluded that CMS’s oversight and enforcement actions were …
HHS Proposes Implementation of the HIPAA Privacy Rule’s Standard for Accounting of Health Information Disclosures
This post was originally written for the Life Sciences Legal Update blog by Gina M. Cavalier, Vicky G. Gormanly and Brad M. Rostolsky.
Pursuant to the HITECH Act, covered entities and business associates must account for disclosures of PHI for treatment, payment and health care operations if the disclosures are through an electronic health record. …
HHS Extends Comment Deadline on Federal Health IT Strategic Plan to May 6, 2011
The HHS Office of the National Coordinator for Health Information Technology (ONC) is extending the public comment period on its “Federal Health IT Strategic Plan: 2011-2015 from April 22 to May 6, 2011. The updated plan describes how the government will promote the meaningful use of health information technology (IT); use IT to improve care…
ONC Conference on Personal Health Records
This post was written by Jacqueline B. Penrod.
The ONC will be hosting a free, day-long public roundtable to address the topic of Personal Health Records (PHRs) on December 3, 2010. The roundtable is designed to inform ONC’s Congressionally-mandated report on privacy and security requirements for non-covered entities, with a focus on personal health records…