HIPAA Security, Privacy Updates UnveiledHITECH Act Mandated the Enhancements
The Department of Health and Human Services' Office for Civil Rights has posted the proposed rule, which is required under the Health Information Technology for Economic and Clinical Health Act, also known as the HITECH Act. HITECH mandated that the proposed regulations be issued by Feb. 18.
Major provisions of the proposal include:
- Extending the applicability of certain of the HIPAA privacy and security rules' requirements to business associates -- companies that provide services to "covered entities," such as hospitals, clinics and insurers, and have access to protected health information;
- Establishing new limitations on the use and disclosure of protected health information for marketing and fundraising purposes;
- Prohibiting the sale of protected health information;
- Expanding individuals' rights to access their health information and to obtain restrictions on certain disclosures of protected health information to health plans;
- Strengthening and expanding HIPAA's enforcement provisions.
OCR will accept comments on the proposal for 60 days after it's published in the Federal Register on July 14.