Skip to content Skip to navigation

BREAKING: HHS Releases HIPAA Update

January 17, 2013
by Gabriel Perna
| Reprints

The U.S. Department of Health and Human Services (HHS) has released an update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), aiming to better protect patient privacy and safeguard patients’ health information in the digital age, according to HHS Secretary Kathleen Sebelius. 

The changes to HIPAA, according to HHS, are a bit consumer-focused. For instance, patients can now ask for a copy of their electronic medical record in an electronic form. Furthermore, HHS is allowing individuals the ability to tell their provider to not share information about their treatment with their health plan. There are also limits on how your health information can be used and disclosed for marketing and fundraising purposes. It also has forbidden the sale of a patients’ health information without their permission.

According to HHS, this HIPAA update will also expand the legislation to include greater focus and requirements of business associates of providers, payers, and other healthcare organizations that receive protected health information (PHI). HHS cites the fact that many of the largest data breaches in the past have been due to third-party mishap. As a result, penalties have been increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.

“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” HHS Office for Civil Rights Director Leon Rodriguez said in a statement.   “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

These and other HIPAA changes can be viewed here.

Health IT Summit Series - Focus: CYBER-SECURITY

Get the latest information on Cyber-Security, and attend other valuable sessions at this two-day, intimate event bringing together C-level, physician, practice management and IT decision makers for strategy discussions, knowledge exchange, and one-on-one meetings.

Boston, June 23-24   |   Denver, July 12-13
Topics

News

Study: Implementation of Integrated EHR System Improved Nursing Care Quality

July 28, 2016
Incorporating electronic, evidenced-based practice tools into bedside nurses’ workflow promotes decision making at the point of care, which may improve patient care quality, such as reducing hospital-acquired falls, according to a recent study.

Small, Rural and Critical Access Hospitals Lagging Behind On Electronic Data Exchange

July 28, 2016
Small, rural and critical access hospitals are lagging behind larger urban and suburban hospitals with regard to interoperable data exchange and use of electronic health information, according to an ONC data brief.

HIMSS Study Finds Gender-Based Pay Gaps in Health IT Widened in the Past 10 Years

July 27, 2016
According to a longitudinal assessment by HIMSS, female health IT workers in the U.S. have been consistently paid less over the past 10 years than their male peers, with the pay gap disparity worsening over time.

CMS Releases Updated Quality Star Ratings for Hospitals

July 27, 2016
After much anticipation, the Centers for Medicare & Medicaid Services (CMS) has finally published the first release of its overall hospital quality star ratings on the agency’s Hospital Compare website.

AMA, Omada Health and Intermountain Healthcare Collaborate on Diabetes Prevention Initiative

July 27, 2016
The American Medical Association, digital health company Omada Health, and Salt Lake City-based Intermountain Healthcare are collaborating on an evidence-based online diabetes prevention program with the aim of reducing the incidence of type 2 diabetes.

Ransomware Now Most Profitable Malware Type, Weaker Security Makes Healthcare a Target, Research Says

July 27, 2016
Cisco recently released its 2016 Midyear Cybersecurity Report and, according to its latest threat intelligence and trend analyses, while ransomware is not a new threat, it has evolved to become “the most profitable malware type in history.”

Report: 88 Percent of All Ransomware Is Detected in Healthcare Industry

July 27, 2016
A report from Omaha, Neb.-based Solutionary, a cybersecurity service provider, found that 88 percent of all ransomware detected in the second quarter of 2016 was within the healthcare industry.

ONC Data Reveals Top Vendors Used for Meaningful Use Program

July 27, 2016
The Office of the National Coordinator for Health Information Technology (ONC) has released data for the health IT vendors most used by providers participating in the Medicare EHR Incentive Program.

Survey: Majority of Hospitals Face Challenges, Lack of Readiness for eCQM Data Reporting

July 26, 2016
More than three-fourths of hospitals, or 78 percent, still have work ahead of them in order to successfully submit electronic clinical quality measures (eCQM) data as part of the Hospital Inpatient Quality Reporting (IQR) program by the Feb. 28, 2017 deadline.

HHS to Fund Cybersecurity Information Sharing Organization

July 26, 2016
The U.S. Department of Health and Human Services plans to fund a cybersecurity information sharing and analysis organization for the healthcare and public health sector.

Study: Medical Students Use EHRs to Track Former Patients

July 26, 2016
Medical students are continually using electronic health records (EHRs) in training, using the technology to track former patients after they have left one’s direct care, according to new research published in JAMA Internal Medicine.

NewYork-Presbyterian Launches Enterprise-Wide Digital Health Services Platform

July 26, 2016
NewYork-Presbyterian, a New York City-based integrated healthcare delivery system comprised of nine hospitals, is rolling out a new suite of digital health services, NYP OnDemand, with a particular focus on expanded telehealth services.

athenahealth Says it will Cover MIPS Payment Penalties for Customers

July 25, 2016
athenahealth has said that if customers using the company’s athenaOne services get hit with Merit-Based Incentive Payment System (MIPS) payment penalties, it will cover the financial consequences for those unsuccessful practices.

OIG Study Finds 60 Percent of Hospitals Experienced EHR Disruptions, Highlights Importance of Contingency Plans

July 25, 2016
Close to 60 percent of hospitals have experienced an unplanned disruption to their EHR systems and a quarter of those hospitals experienced delays in patient care as a result, according to a study released by the HHS Office of Inspector General (OIG).

University of Mississippi Medical Center Agrees to Pay $2.75M to Settle Potential HIPAA Violations

July 25, 2016
The University of Mississippi Medical Center (UMMC) has signed a resolution agreement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) following an investigation of a data breach of unsecured PHI that occurred in 2013.

Pages