Related Posts

Privacy and Security in the Affordable Care Act’s Data Hub

Last week, two committees of the U.S. House of Representatives held a joint hearing to examine privacy and security issues related to an information exchange system, commonly referred to as the “data hub.” The data hub is managed by HHS and facilitates access to information currently held in federal government databases that is necessary to determine an individual’s eligibility for certain aspects of the Affordable Care Act (health reform). For example, an individual’s eligibility for a federal subsidy to purchase health insurance requires verification of income and family size from the Internal Revenue Service (IRS), immigration status from the Department of Homeland Security (DHS) and incarceration status from the Social Security Administration (SSA).


CDT Testifies, Says HIPAA Sharing Rules Need Clarity

On Friday, Deven McGraw, Director of the Health Privacy Project at CDT, testified before the U.S. House Committee on Energy and Commerce Subcommittee on Oversight and Investigations at a hearing entitled “Does HIPAA Help or Hinder Patient Care and Public Safety?” The Subcommittee sought to explore whether the Health Insurance Portability and Accountability Act (HIPAA) of 1996 prevents hospitals and physicians from sharing mental health information with a patient’s family members. The Subcommittee also wanted to know if HIPAA permitted the disclosure of mental health information in order to prevent serious harm.


HIPAA Final Rule Confirms That ISPs Transmitting PHI Are Not Business Associates

On January 25, 2013, the US Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) published a final rule updating regulations to the Health Insurance Portability and Accountability Act (HIPAA). One small but important part of the rule clarifies that those entities that serve as “mere conduits” for the transmission of protected health information…


Feds Boost Privacy Protections for Medical Records

The privacy protections guarding the care and handling of your medical records just got stronger… a lot stronger. The new rules bolster prohibitions against use of a patient’s medical records without consent for marketing communications; extend federal privacy and security protections to contractors (and subcontractors) of doctors, hospitals and insurers; improve your right to be notified when your medical records…


Oversight of Government Privacy, Security Rules for Health Data Questioned

Oversight and accountability for following federal privacy and security rules is critical if the public is going to trust that the next generation of electronic health care providers, insurers, and billing services can protect the privacy of their medical information. A recent report by the Government Accountability Office questions whether sufficient work is being done to build…


Toward a Privacy Healthy, Health Insurance Exchange

Strong privacy and security rules are crucial to the success of the new health insurance exchanges mandated by the Health Care Reform. The Patient Protection and Affordable Care Act of 2010 called for the creation of health insurance “exchanges.” Exchanges are new, web-based entities intended to create a more organized and competitive market for health insurance by offering a choice…


Data Breach Bills Exclude Health Information

One of the negative side-effects of the sectoral approach the United States has taken to privacy regulation is confusion over whether certain types of personal information are protected under existing rules. Specifically, many people – and, it appears, legislators – seem to assume that all health information is protected under HIPAA. This is incorrect, however, and the assumption that health information…


CDT Files Comments On Proposed ‘Accounting Of Disclosures’ Rule

Yesterday CDT and other consumer groups filed comments on regulations proposed by the Dept. of Health and Human Services Office of Civil Rights (OCR) that would require health care entities to provide each patient – upon request – with a report detailing who accessed the patient’s medical records. While enhancing patients’ right to obtain a list of who…


HHS Should Require the Encryption of Portable Devices to Curb Health Data Breaches

Many companies use encryption on their portable devices, but the continuing parade of health data breaches demonstrates that too many organizations have yet to do the same. The U.S. Dept. of Health and Human Services (HHS) should consider revising the Security Rule to outright require encryption for portable devices containing the protected health information of 500 or more patients….


The First HIPAA Civil Monetary Penalty

Americans have a legal right to access their medical records under HIPAA, the nation’s foremost health care privacy law, but health care companies and providers don’t always honor patient requests for access. Throughout HIPAA’s history, only a handful of health care companies have been publicly sanctioned for failing to comply with HIPAA privacy and patient access requirements….
