URAC Seeks Comment on Updated Standards

HDM Breaking News, June 19, 2009

Health care accreditation firm URAC has updated its privacy and security criteria following enacted amendments to the HIPAA rules in the American Recovery and Reinvestment Act. The Washington-based firm will accept public comment through Aug. 3.

The Act requires business associates to comply with the rules as if they were covered entities. It imposes new notification requirements following breaches of personal health records data. The Act enables individuals to request from covered entities an accounting of all disclosures of their protected health information from electronic health records systems. Individuals also can receive an electronic copy of their personal health information maintained in an EHR.

Further, marketing activities using protected health information now are restricted, covered entities are instructed to limit uses and disclosure of personal health information to the "minimum necessary" to conduct a particular function, and enforcement and penalties have been stiffened.

The updated URAC standards are available at urac.org/publiccomment/. The organization's board expects to review final draft standards in October.

--Joseph Goedert

For more information on related topics, visit the following channels:

• Consumer Health
• Data Security
• Electronic Health Records
• Health Information Exchange
• Policies/Regulation
• Revenue Cycle Management
• Stimulus
• Hospitals
• Group Practices
• Payers