Mostashari: HIPAA Rules Out by Summer’s End
The final omnibus HIPAA rule governing the privacy, security, breach notification and enforcement rules, and the Genetic Information Non-Discrimination Act, should be out by the end of summer, says Farzad Mostashari, national coordinator for health information technology.
The final omnibus HIPAA rule governing the privacy, security, breach notification and enforcement rules, and the Genetic Information Non-Discrimination Act, should be out by the end of summer, says Farzad Mostashari, national coordinator for health information technology.
He made the announcement during the opening keynote of the Health Privacy Summit underway in Washington, D.C. Mostashari also noted the rules will extend liability under HIPAA to business associates and subcontractors, which was a major provision of the proposed rules. The final omnibus rule was sent on March 24 to the Office of Management and Budget for review, one of the last steps before publication.
In his keynote, Mostashari emphasized that awareness of the importance of technical and cultural considerations to assure privacy protections are at the center of everything ONC does. The priority for the agency has been to expand adoption of electronic health records-an effort that has been successful, he noted. The next step is to increase the trust needed to exchange health data, then creating a "learning" health system where the data is routinely used appropriately. "You can't get information exchange unless there's trust. We can't get a learning health system unless there's trust."
ONC, Mostashari said, is working with software vendors on functionalities that are required to bring privacy into information systems by design. The goal is to have privacy protections build into the systems. When exchanging data, for example, personal identifiers should not be in the header but encrypted in the package. "Routing should never require personal information. This is privacy by design."
The industry also needs to better educate patients on their privacy rights, he said. They should know how their information is used and how to complain about violations. And providers need to better understand what HIPAA requires and does not require, as they often times misinterpret its provisions. Patients, he asserted, should never hear, "Sorry, I can't give you your health records because of HIPAA."
ONC's new Office of Consumer eHealth will focus on protecting information and making it available to consumers, Mostashari explained. It remains difficult for patients to ask providers for their records and changing provider attitudes is a priority of the office. ONC will work with nurses to help them become advocates for patients in asserting their privacy rights.
He made the announcement during the opening keynote of the Health Privacy Summit underway in Washington, D.C. Mostashari also noted the rules will extend liability under HIPAA to business associates and subcontractors, which was a major provision of the proposed rules. The final omnibus rule was sent on March 24 to the Office of Management and Budget for review, one of the last steps before publication.
In his keynote, Mostashari emphasized that awareness of the importance of technical and cultural considerations to assure privacy protections are at the center of everything ONC does. The priority for the agency has been to expand adoption of electronic health records-an effort that has been successful, he noted. The next step is to increase the trust needed to exchange health data, then creating a "learning" health system where the data is routinely used appropriately. "You can't get information exchange unless there's trust. We can't get a learning health system unless there's trust."
ONC, Mostashari said, is working with software vendors on functionalities that are required to bring privacy into information systems by design. The goal is to have privacy protections build into the systems. When exchanging data, for example, personal identifiers should not be in the header but encrypted in the package. "Routing should never require personal information. This is privacy by design."
The industry also needs to better educate patients on their privacy rights, he said. They should know how their information is used and how to complain about violations. And providers need to better understand what HIPAA requires and does not require, as they often times misinterpret its provisions. Patients, he asserted, should never hear, "Sorry, I can't give you your health records because of HIPAA."
ONC's new Office of Consumer eHealth will focus on protecting information and making it available to consumers, Mostashari explained. It remains difficult for patients to ask providers for their records and changing provider attitudes is a priority of the office. ONC will work with nurses to help them become advocates for patients in asserting their privacy rights.
More for you
Loading data for hdm_tax_topic #reducing-cost...