Kroll to Sponsor Upcoming HIMSS Executive Briefing Online Event – December 14, 2011

11/16/2011

Mark your calendars for the online HIMSS Executive Briefing event, “Privacy and Security: Practical Solutions for a Changing Landscape,” scheduled for December 14 from 9 a.m. to 4:00 p.m. CST. Kroll’s own Karen Schuler, CFE, will be presenting a session for the event: “HIPAA and HITECH in the Real World,” from noon to 1:00 p.m.

States Continue to Amend Breach Notification Laws, most recently California and Illinois (part 2)

9/09/2011

California continues to tinker with its notification laws, and as mentioned in the first of this two-part series, these will be effective January 1, 2012. The California amendment requires that breach notification be written in plain language and contain:

  • Name & contact info of the data owner/licensor providing notice
  • Date of the notice
  • List of types of info believed breached
  • Toll-free telephone # and address for credit bureaus if breach exposed SSN, driver’s license or state ID #
  • If available at the time of notice, notice must also contain:
    • General description of breach incident;

Complications and Side Effects – Rules, Regulations and Penalties Continued (part 3)

9/01/2011

In the absence of federal action, many states have taken the initiative to address data breaches with their own notification laws. However, to avoid multiple notifications and conflicting obligations, both the Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) rules expressly preempt state laws to the extent they conflict with federal requirements. State laws with greater notification requirements are not considered in conflict, though, and must be followed in addition to all federal requirements.[1] To avoid duplicative notifications, the federal government strongly recommends that entities strive to meet federal and state obligations in concert.

The Cure for Regulatory Fever: Causes and Symptoms – Overview (part 1)

8/30/2011

Flu season may be over, but for the health care industry, a more troublesome and persistent threat is just warming up. Regulatory fever, a common side effect of an ailing economy, is now nearly in full swing. Beginning with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, ensuring privacy and security of patient information in the health care industry has been a primary concern for legislators over the past decade and a half. The HIPAA Privacy Rule extends federal protection to personal health information held by covered entities, and is fulfilled by the Security Rule, which prescribes the use of security safeguards to ensure confidentiality is maintained.[1] While HIPAA was a significant step forward in the security of personal health information management, two new regulations are raising the bar even higher in an effort to integrate and benefit from advancements in information technology.

A Dialogue on Personal Health Records

11/05/2010

The Office of the National Coordinator for Health Information Technology (ONC) is seeking public comment regarding personal health records, now through December 10. Comments can be submitted through the website, on the following topics:

  • Privacy and security and emerging technologies
  • Consumer expectations about collection and use of health information
  • Privacy and security requirements for non-covered entities
  • Any other comments on personal health records (PHRs) and non-covered entities

The ONC is also hosting a day-long public roundtable discussion, Personal Health Records – Understanding the Evolving Landscape. According to the website, the purpose is to “inform ONC’s congressionally mandated report on privacy and security requirements for non-covered entities (non-CEs), with a focus on personal health records (PHRs) and related service providers.”