Tag Archives: Privacy

Congressional Health Policy Hearings & Markups

A number of Congressional committees have held hearings recently on health policy issues, including the following: A House Energy and Commerce Health hearing entitled “Do New Health Law Mandates Threaten Conscience Rights and Access to Care?”; A Senate Judiciary Subcommittee on Privacy, Technology and the Law hearing on “Your Health and Your Privacy: Protecting Health … Continue Reading

CMS Proposes Direct Patient Access to Lab Results

On September 14, 2011, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule amending the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rules to give patients (and the patient’s representatives) direct access to the patient’s own clinical laboratory test result … Continue Reading

Final Federal Health IT Strategic Plan

The HHS Office of the National Coordinator for Health Information Technology (ONC) has released the final “Federal Health IT Strategic Plan.” The plan describes how the government will promote the meaningful use of health information technology (IT); use IT to improve care and population health while reducing costs; protect the privacy and security of electronic health … Continue Reading

OIG Reports on the Security of Electronic Patient Health Information

The OIG has released two reports on health information technology (HIT) security issues. The first report is entitled “Nationwide Rollup Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight.” The review, involving seven hospital audits, the OIG concluded that CMS’s oversight and enforcement actions were not sufficient to ensure … Continue Reading

HHS Proposes Implementation of the HIPAA Privacy Rule’s Standard for Accounting of Health Information Disclosures

This post was originally written for the Life Sciences Legal Update blog by Gina M. Cavalier, Vicky G. Gormanly and Brad M. Rostolsky. Pursuant to the HITECH Act, covered entities and business associates must account for disclosures of PHI for treatment, payment and health care operations if the disclosures are through an electronic health record. This … Continue Reading

HHS Extends Comment Deadline on Federal Health IT Strategic Plan to May 6, 2011

The HHS Office of the National Coordinator for Health Information Technology (ONC) is extending the public comment period on its “Federal Health IT Strategic Plan: 2011-2015 from April 22 to May 6, 2011. The updated plan describes how the government will promote the meaningful use of health information technology (IT); use IT to improve care … Continue Reading

ONC Conference on Personal Health Records

This post was written by Jacqueline B. Penrod. The ONC will be hosting a free, day-long public roundtable to address the topic of Personal Health Records (PHRs) on December 3, 2010. The roundtable is designed to inform ONC’s Congressionally-mandated report on privacy and security requirements for non-covered entities, with a focus on personal health records … Continue Reading

HHS Meeting on HITECH Act Psychotherapy Notes/Testing Data Study (Nov. 18)

The Substance Abuse and Mental Health Services Administration (SAMHSA) is conducting a study on “Confidentiality and Privacy Issues Related to Psychological Testing Data,” pursuant to section 13424 of the Health Information Technology for Economic and Clinical Health (HITECH) Act (a component of the American Recovery and Reinvestment Act). The study will address whether the HIPAA … Continue Reading

ONC Conference on Personal Health Records (Dec. 3, 2010)

This post was written by Jacqueline B. Penrod. The Office of the National Coordinator for Health Information Technology (ONC) will be hosting a free day-long public roundtable to address the topic of Personal Health Records on December 3, 2010. The roundtable is designed to inform ONC’s Congressionally-mandated report on privacy and security requirements for non-Covered Entities, … Continue Reading

Final Health Information Breach Notification Rule Withdrawn from OMB

The Department of Health and Human Services (HHS) has announced that it is withdrawing from Office of Management and Budget (OMB) consideration its final rule intended to govern breach notifications involving unsecured protected health information. HHS states that it intends to publish a final rule “in the coming months.” An interim final rule on this … Continue Reading

New HITECH/HIPAA Proposed Rule Released

On July 8, 2010, the HHS released its proposed rule modifying the HIPAA Privacy, Security, and Enforcement Rules to implement the privacy, security, and certain enforcement provisions of the Health Information Technology for Economic and Clinical Health Act, included in the American Recovery and Reinvestment Act of 2009 (ARRA). The proposed modifications to the HIPAA … Continue Reading

HHS Requests Information to Inform Rulemaking for Revised HIPAA Accounting Requirements

This post was written by Jacqueline B. Penrod. On April 26, 2010, HHS published a Request for Information (RFI) relating to the accounting of disclosures under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as expanded by the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The new provisions … Continue Reading

Enforcement of HITECH Business Associate Requirement

The HHS Office of Civil Rights (OCR) has indicated that the agency will be delaying enforcement of the HITECH Act provisions under which Business Associates are required to directly comply with the HIPAA Privacy and Security Rules.  Although the statutory compliance date for the Business Associate requirement is February 17, 2010, Adam Greene, an OCR … Continue Reading

Entities Reporting Breaches of Protected Health Information

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the ARRA, requires covered entities to report to HHS within 60 days of discovery any breaches of protected health information that affect 500 or more individuals. The HHS Office for Civil Rights (OCR) has posted a list of covered entities … Continue Reading

GAO Report on Electronic Personal Health Information Exchange

The Government Accountability Office (GAO) has issued a report entitled “Electronic Personal Health Information Exchange: Health Care Entities’ Reported Disclosure Practices and Effects on Quality of Care.” The report, which was required by the HITECH Act, reviews practices implemented by health information exchange organizations, providers, and other health care entities that disclose electronic personal health information, based … Continue Reading

Workshop on HIPAA Privacy Rule’s De-Identification Standard (March 8-9, 2010)

HHS is hosting a workshop on March 8 and 9, 2010 on methods for de-identification of protected health information (PHI) as designated in the HIPAA Privacy Rule. The meeting is designed to bring together experts with practical technical and policy experience to inform the creation of guidance materials on de-identification approaches.… Continue Reading

American Recovery and Reinvestment Act — Health Information Privacy/Incentives, Medicaid Funding & Other Health Provisions

On February 17, 2009, President Obama signed into law H.R. 1, the American Recovery and Reinvestment Act (the "ARRA"). The sweeping $790 billion economic stimulus package includes a number of health care policy provisions. Reed Smith's Health Care Memorandum summarizes the major health policy provisions of the Act.… Continue Reading
LexBlog