The U.S. Department of Health and Human Services (HHS) on Thursday announced “sweeping” updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which are designed to strengthen patient privacy protections.
The final omnibus rule includes a measure that would extend the privacy rules to contractors and subcontractors of healthcare providers, healthcare plans and other organizations that process health insurance claims. Previously, the law applied only to the healthcare providers and healthcare plans themselves.
The new regulations also raise the disclosure standard for companies that fall victim to information breaches. Previously, companies had to report only those breaches that involved a significant risk of monetary, reputational or other harm to the patient. Under the new rule, organizations must notify the government and patients in the event that any health information is likely compromised.
“Much has changed in health care since HIPAA was enacted over 15 years ago,” HHS Secretary Kathleen Sebelius said in a statement. “The new rule will help protect patient privacy and safeguard patients’ health information in an ever-expanding digital age.”
On an individual level, the law allows patients to request their medical records in electronic form. It also limits how organizations can use personal healthcare information for marketing and fundraising, and prohibits the sale of patients’ information without their permission.
Read more at Thomson Reuters.
For more InsideCounsel coverage of the healthcare industry, see: