The U.S. Department of Health & Human Services (HHS) is looking for input on proposed changes to Health Insurance Portability and Accountability Act (HIPAA) privacy provisions.
Specifically, the HIPAA privacy request for information, released last week by HHS, seeks input on the effectiveness of rules that spell out how patients can request an account of the ways their personal health information has been disclosed. HHS also wants feedback on the administrative burden that is placed on the users of electronic health record, or EHR, systems when such notifications are requested. The comment period closes May 18.
Requests about health information disclosures, it should be noted, are but one of many new HIPAA privacy rules introduced in the HITECH Act. Others, such as stricter laws for data breach notifications and an expanded definition of “HIPAA-covered entity,” have garnered recent attention.
Taken together, the three provisions represent an effort to reassure patients that their personal health information is in safe hands — and that they will be notified right away if it is not. Information security is a daunting and overdue task, but that should not diminish its importance. After all, few factors drive health care’s adoption of IT quite like patient confidence.