JUN 6, 2012

Related Links

ONC Needs to Improve Risk-Rating Features of New Security Tool
April 16, 2014
DeSalvo Calls for Restructuring of HIT Policy Committee Workgroups
April 14, 2014
Tips for Healthcare Organizations Migrating to the Cloud
April 14, 2014
HIT Policy Committee Okays Best Practices for Proxy Access to Patient PHI
April 10, 2014
BIDMC Pilot Shares Mental Health Records With Patients
April 8, 2014
Kaiser Had Malware on Server for 2.5 Years
April 8, 2014
Stolen PHI in LA County Theft More than Doubles
April 7, 2014

Mostashari: HIPAA Rules Out by Summer's End

Print
Reprints
Email

The final omnibus HIPAA rule governing the privacy, security, breach notification and enforcement rules, and the Genetic Information Non-Discrimination Act, should be out by the end of summer, says Farzad Mostashari, national coordinator for health information technology.

He made the announcement during the opening keynote of the Health Privacy Summit underway in Washington, D.C. Mostashari also noted the rules will extend liability under HIPAA to business associates and subcontractors, which was a major provision of the proposed rules. The final omnibus rule was sent on March 24 to the Office of Management and Budget for review, one of the last steps before publication.

In his keynote, Mostashari emphasized that awareness of the importance of technical and cultural considerations to assure privacy protections are at the center of everything ONC does. The priority for the agency has been to expand adoption of electronic health records-an effort that has been successful, he noted. The next step is to increase the trust needed to exchange health data, then creating a "learning" health system where the data is routinely used appropriately. "You can't get information exchange unless there's trust. We can't get a learning health system unless there's trust."

ONC, Mostashari said, is working with software vendors on functionalities that are required to bring privacy into information systems by design. The goal is to have privacy protections build into the systems. When exchanging data, for example, personal identifiers should not be in the header but encrypted in the package. "Routing should never require personal information. This is privacy by design."

The industry also needs to better educate patients on their privacy rights, he said. They should know how their information is used and how to complain about violations. And providers need to better understand what HIPAA requires and does not require, as they often times misinterpret its provisions. Patients, he asserted, should never hear, "Sorry, I can't give you your health records because of HIPAA."

ONC's new Office of Consumer eHealth will focus on protecting information and making it available to consumers, Mostashari explained. It remains difficult for patients to ask providers for their records and changing provider attitudes is a priority of the office. ONC will work with nurses to help them become advocates for patients in asserting their privacy rights.

Get access to this article and thousands more...

All Health Data Management articles are archived after 7 days. REGISTER NOW for unlimited access to all recently archived articles, as well as thousands of searchable stories. Registered Members also gain access to exclusive industry white paper downloads, web seminars, podcasts, e-books, and conference discounts. Qualified members may also choose to receive our free monthly magazine and any of our e-newsletters covering the latest breaking news, opinions from industry leaders, developing trends and specialized topics like EHR's, revenue cycle management, health insurance exchanges, analytics, and more!

Already Registered?

Twitter
Facebook
LinkedIn

Unlike some other major industries, health care incorporates geospatial data only sparingly. But that could change quickly with population health a priority.

Login  |  My Account  |  White Papers  |  Web Seminars  |  Events |  Newsletters |  eBooks
Already a subscriber? Log in here
Please note you must now log in with your email address and password.