Rule would give patients more info on how their data is used
HHS’ Office for Civil Rights posted a proposed rule that could give patients more insight into how their information is shared. The Civil Rights Office has enforcement authority for the HIPAA privacy rule and said the proposed rule, to be published in the May 31 Federal Register, reflects changes mandated by the American Recovery and Reinvestment Act of 2009. The stimulus law’s health information technology provisions require that covered entities using electronic health records be able to account for— and report to patients, at their request— disclosures of records, including those related to treatment, payment and other healthcare operations. The Civil Rights Office noted that it is also looking to exercise “more general authority” granted under HIPAA itself. The rule comes less than two weeks after audit reports by HHS’ inspector general’s office took the Civil Rights Office, the CMS and the Office of the National Coordinator for Health Information Technology to task on what they found to be lagging efforts to enforce HIPAA security provisions and promote health information security (May 23, p. 6).