Skip to content Skip to navigation

BREAKING: HHS Releases HIPAA Update

January 17, 2013
by Gabriel Perna
| Reprints

The U.S. Department of Health and Human Services (HHS) has released an update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), aiming to better protect patient privacy and safeguard patients’ health information in the digital age, according to HHS Secretary Kathleen Sebelius. 

The changes to HIPAA, according to HHS, are a bit consumer-focused. For instance, patients can now ask for a copy of their electronic medical record in an electronic form. Furthermore, HHS is allowing individuals the ability to tell their provider to not share information about their treatment with their health plan. There are also limits on how your health information can be used and disclosed for marketing and fundraising purposes. It also has forbidden the sale of a patients’ health information without their permission.

According to HHS, this HIPAA update will also expand the legislation to include greater focus and requirements of business associates of providers, payers, and other healthcare organizations that receive protected health information (PHI). HHS cites the fact that many of the largest data breaches in the past have been due to third-party mishap. As a result, penalties have been increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.

“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” HHS Office for Civil Rights Director Leon Rodriguez said in a statement.   “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

These and other HIPAA changes can be viewed here.

Health IT Summit Series - Focus: CYBER-SECURITY

Get the latest information on Cyber-Security, and attend other valuable sessions at this two-day, intimate event bringing together C-level, physician, practice management and IT decision makers for strategy discussions, knowledge exchange, and one-on-one meetings.

Boston, June 23-24   |   Denver, July 12-13
Topics

News

Orthopedic Clinic Pays $750K HIPAA Settlement For Disclosing PHI Without a Business Associate Agreement

April 22, 2016
Raleigh Orthopaedic Clinic of North Carolina agreed this week to pay $750,000 to settle charges that it allegedly violated privacy rules by providing patients’ protected health information (PHI) to a business partner without first executing a business associate agreement.

U.S. Coast Guard Terminated Contract with Epic for EHR Implementation

April 22, 2016
The U.S. Coast Guard terminated its contract with Epic to implement an electronic health record (EHR) system, which expanded into an Integrated Health Information System (IHiS), citing concerns about cost and technical complexity, a USCG representative confirmed.

New York Presbyterian Hospital to Pay $2.2 Million for Disclosure of Patients’ PHI

April 22, 2016
The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) this week announced it had reached a $2.2 million settlement with New York Presbyterian Hospital (NYP) related to the unauthorized filming of two patients for an episode of “NY Med.”

Intermountain, Stanford Partner on Clinical Genomics Initiative

April 22, 2016
Intermountain Healthcare and the Stanford Genome Technology Center (SGTC) have established a new collaborative research program with the aim of producing scientific advances in precision health and medicine.

Research: Machine Learning Proves Faster Than Human Review in Detecting Cancer Cases

April 22, 2016
Open-source machine learning tools were found to be as good as, or better than, human reviewers in detecting cancer cases using data from free-text pathology reports, according to researchers from the Regenstrief Institute and Indiana University School of Informatics and Computing at Indiana University-Purdue University Indianapolis (IUPUI).

AHIMA Releases Patient Portal Toolkit for Health Information Management Professionals

April 21, 2016
The American Health Information Management Association (AHIMA) has developed a patient portal toolkit to provide guidance on the issues, latest regulatory requirements, opportunities and challenges of implementing a patient portal.

CMS Delays Release of New Hospital Star Ratings

April 21, 2016
The Centers for Medicare & Medicaid Services (CMS) has delayed its plans to release its new quality star ratings for U.S. hospitals until July at the earliest.

2015 Was a Year of Serious Data Breaches, Major Attacks and New Vulnerabilities, Report Says

April 21, 2016
Healthcare was the most frequently targeted industry for cyber attacks in 2015, with the highest security incident rate, surpassing financial services and manufacturing, according to a new IBM Security Services report.

Report: Closing Gaps in Care Through Data Exchange Can Improve Quality Outcomes, Yield High ROI

April 21, 2016
Programs and services that address gaps in care through provider-payer data exchange via health information technologies can produce a high return on investment, according to a new report from the Workgroup for Electronic Data Exchange.

Decisions Resource Group Launches Substantial Repository of Claims, EHR Data

April 21, 2016
Decisions Resource Group (DRG), a Burlington, Mass.-based healthcare analytics company, has launched a real world evidence (RWE) repository of claims and electronic health record (EHR) data that the company says provides insight to more than 90 percent of the U.S. healthcare system.

Congressmen Introduce Health IT Bill That Would Shorten MU Reporting Period

April 20, 2016
U.S. Senators Rob Portman (R-Ohio) and Michael Bennet (D-Colo.), and others, have introduced the Flexibility in Electronic Health Record (EHR) Reporting Act, a bill with bipartisan support that would make modifications to the meaningful use program.

For Telemedicine Providers, the Policy Landscape Continues to Have Both Gains and Losses, Report Says

April 20, 2016
When it comes to telehealth laws and reimbursement policies, legislators and policy makers across the country seem to be taking one step forward and then one step back, according to a new report from The Center for Connected Health Policy (CCHP).

As VA Puts Epic Scheduling Project on Hold, Veterans’ Access to Care Remains an Issue

April 20, 2016
A recently-released Government Accountability Office (GAO) report found that not all newly enrolled veterans were able to access primary care from the Department of Veterans Affairs' (VA) Veterans Health Administration (VHA) due to data weaknesses and the lack of a comprehensive scheduling policy.

Report: Healthcare Organizations Must Use Layered Endpoint Security to Combat Ransomware “Blitzkrieg”

April 20, 2016
Securing vulnerable endpoints in an organization’s network is the first step in the battle against ransomware and is one part of a layered defense, according to a new report from the Institute for Critical Infrastructure Technology.

VA CIO Says New Digital Platform is On the Way

April 19, 2016
Last week, the Department of Veterans Affairs (VA) CIO LaVerne Council said in a Congressional hearing that VA will launch a new digital health platform later this year, according to a FedScoop report.

Pages