The National Committee on Vital and Health Statistics recently in a letter to HHS Secretary Mike Leavitt requested that HIPAA privacy protections be extended to more health care entities that will be part of the Nationwide Health Information Network, Health Data Management reports.
"HHS and Congress should move expeditiously to establish laws and regulations that will ensure that all entities that create, compile, store, transmit or use personally identifiable health information are covered by a federal privacy law," the letter said.
The committee during the last year held three hearings to obtain more information about groups that use health data in their daily operations but are not covered under HIPAA, Health Data Management reports.
"A significant concern is that many of the new entities essential to the operation of the Nationwide Health Network fall outside HIPAA's statutory definition of 'covered entity,'" including:
- Community access services;
- Health information exchanges;
- Medical record banks;
- Regional health information organizations;
- Record locator services;
- System integrators; and
- Other new entities, according to the letter.
The committee also sent Leavitt a letter urging federal officials to improve coordination between the HIPAA privacy rule and the Family Educational Rights and Privacy Act, which governs school medical records (
Health Data Management, 7/11).
Bryon Pickard, president of the American Health Information Management Association, in June told Congress that HIPAA's privacy and security protections should be extended to all entities handling health information and should include personal health records (
iHealthBeat, 6/21).