Tuesday, June 28, 2011

Employer alert: Proposed rules that affect health privacy

New Rules Address Health Privacy

Employees may soon be able to ask for a report of who has accessed their health information. The Department of Health and Human Services recently issued a proposed rule that would allow individuals to request such a report. The proposal is part of the Health Insurance Portability and Accountability (HIPAA) Act Privacy Rule.


Comments on the proposed rule are due by Aug. 1. For more information, visit http://www.hhs.gov/news/press/2011pres/05/20110531c.html:

HHS announces proposed changes to HIPAA Privacy Rule

HITECH lets people know who has accessed their health information

A Notice of Proposed Rulemaking concerning the accounting of disclosures requirement under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, is available for public comment. The proposed rule would give people the right to get a report on who has electronically accessed their protected health information.

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) is proposing changes to the Privacy Rule, pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act. HITECH is part of the American Recovery and Reinvestment Act of 2009.

“This proposed rule represents an important step in our continued efforts to promote accountability across the health care system, ensuring that providers properly safeguard private health information,” said OCR Director Georgina Verdugo. “We need to protect peoples’ rights so that they know how their health information has been used or disclosed.”

People would obtain this information by requesting an access report, which would document the particular persons who electronically accessed and viewed their protected health information. Although covered entities are currently required by the HIPAA Security Rule to track access to electronic protected health information, they are not required to share this information with people.

The proposed rule requires an accounting of more detailed information for certain disclosures that are most likely to affect a person’s rights or interests. The proposed changes to the accounting requirements provide information of value to individuals while placing a reasonable burden on covered entities and business associates.

People may now read the proposed rule at: http://www.federalregister.gov/ and submit comments to http://www.regulations.gov/ (search for Proposed Rule) through August 1, 2011.

People who believe a covered entity has violated their (or someone else’s) health information privacy rights or committed another violation of the HIPAA Privacy or Security Rules, may file a complaint with OCR at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html. Additional information about OCR’s enforcement activities can be found at http://www.hhs.gov/ocr.

***********************************************************************************************


Another proposed rule from the Equal Employment Opportunity Commission increases record keeping requirements. The same rules that apply to Title VII of the Civil Rights Act of 1964 and the Americans with Disabilities Act would apply to organizations covered by the Genetic Information Nondiscrimination Act.


Comments on the proposed rule are due Aug. 1. For more information on the proposed rule, visit http://www.gpo.gov/fdsys/pkg/FR-2011-06-02/pdf/2011-13629.pdf.

More: http://www.workplacemagazine.com/ezinestory/HR/2011/June/06282011article2.shtml

No comments:

Post a Comment