As activity heats up on electronic health records implementations fueled with the prospect of stimulus-funded incentive payments, so heats up efforts to strengthen the HIPAA privacy and security rules.

That's because Congress, while putting together the HITECH Act, understood efforts to accelerate EHR adoption hinged on consumers accepting their medical records becoming electronic.

During a session at Health Data Management's Health IT Summit, Nov. 14-16 in Chicago, health information security consultant Kate Borten will give an overview HIPAA privacy and security enhancements in a proposed rule issued in July, which could be finalized by mid-November.

For instance, language to extend requirements to protect health information to the subcontractors of business associates may be the most significant provision if it remains in the final rule. "I think it's going to take years for this to move down to the end of the chain," says Borten, founder of the Marblehead Group consultancy. "But it's extremely powerful protection if it stays in."

Borten also will touch on additional security issues, such as Massachusetts-based South Shore Hospital's decision to not personally notify some 800,000 patients affected by a data breach. The stance could be a test, she says, of how aggressive the HHS Office for Civil Rights will or will not be in enforcing provisions of the breach notification rule. She'll also talk about the debate over the "harm threshold" in the notification rule that enables organizations that experience a breach to decide if it is serious enough to warrant notification.

The lasting impression Borten wants to leave is that privacy and security are not static, they aren't just a project that was once done years ago when the original privacy and security rules were finalized, and the rules now are getting tougher.

For more information on the Health IT Summit at the Swissotel Chicago, downtown at the intersection of Lake Michigan and the Chicago River, click here.

--Joseph Goedert

 

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access