Sunday, July 22, 2007

HIPSA Proposed

(Thanks to Ellen Wright Clayton for the pointer)

Recently, Senators Leahy and Kennedy introduced the Health Information Privacy and Security Act to the Senate.

Title I of the bill, "Individual Rights," guarantees an individual's right to supplement, amend, correct, or destroy any of their protected health information maintained or stored by an entity. It also would require entities maintaining, accessing, using, or storing protected health information to provide the individual with a notice of privacy rights and practices, and notify individuals when data corruption or loss of health information is discovered.

Title II of the bill, "Restrictions on Use and Disclosure," includes requirements on groups seeking to disclose protected health information to obtain a signed, written authorization from an individual in connection with any treatment, payment, or other purpose.

Also, individuals must be provided with notification in the case of an actual or attempted security breach if there is at least a "reasonable belief" that protected health information concerning the patient was accessed or acquired during the breach.

A summary of the bill is here.

Monday, July 9, 2007

NYTimes on HIPAA and Access to Records (or Lack Thereof)

Jane Gross, at the NY Times, penned a recent story on the ways in which various health organizations (and their employees) misinterpret the HIPAA Privacy Rule. It's filled with annecdotal evidence, but it does highlight some of the confusions and challenges with implementing the privacy rule correctly.

Read the story here.