In the wake of recent healthcare mandates, the Department of Health and Human Services (HHS) expanded the regulations governing 1996's Health Insurance Portability and Accountability Act (HIPAA).
HIPAA is a law designed "to protect health information by establishing transaction standards for the exchange of health information, security standards, and privacy standards for the use and disclosure of individually identifiable health information." A new wave of healthcare-information rules generated worries about data security.
Under the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH), the federal government requires the creation of a nationwide health information exchange (HIE) and state-wide HIEs. Yet many consumers and privacy experts are concerned about the secure transmission and storage of patients' health information, test results and medical records. In addition, some are worried about how and when consumers will be notified of the theft or loss of medical information housed within the federal or state HIE or medical providers' electronic medical records (EMRs).
To build consumer confidence, in January 2010 HHS issued regulations that expand HIPAA to include EMR vendors and related entities - such as companies transmitting EMRs within HIEs, e-prescribing gateway vendors and medical laboratories. In addition, HHS rulemaking requires written contractual agreements between healthcare providers, health plans, EMR vendors and all related entities specifying the mechanisms for notifying individuals in the case of data breaches, said Grant Peterson, J.D., who moderated "HIPAA Privacy and Security: New HITECH Act Requirements for 2010," a webinar hosted by Open Health IT Exchange (OHITX). Within affiliated healthcare networks, hospitals and physician practices' compliance is assured through an addendum to existing contracts, he said.
As a result of HITECH, the Federal Trade Commission (FTC) issued companion regulations, marking the first time the FTC has regulated healthcare entities. The Health Breach Notification Rule will protect the electronic transmission of EMRs within a nationwide HIE. Beginning on Feb. 22, 2010, EHR vendors and related entities must notify consumers when their health information has been breached, according to the FTC ruling.
Read the complete presentation of the Jan. 13, 2010 Open Health IT Exchange (OHITX) webinar, "HIPAA Privacy and Security: New HITECH Act requirements for 2010," led by Grant Peterson, J.D., at CHIT CHAT Archive.