A final omnibus rule to strengthen HIPAA privacy and security safeguards and provide better protection for electronic health data will be released by the end of 2011, according to an HHS official, Government Health IT reports.
Susan McAndrew -- deputy director for health information privacy in the HHS Office for Civil Rights -- said the office was "quite far along" with the long-awaited rule, and she is "hoping that we are targeting months, if not weeks, for the publication." McAndrew spoke on Tuesday during a HIPAA conference sponsored by OCR and the National Institute of Standards and Technology.
Elements of Rule
According to McAndrew, the rule will include final versions of proposed regulations that were mandated by the HITECH Act to:
- Provide for data breach notification;
- Strengthen HIPAA enforcement; and
- Expand other privacy and security protections (Mosquera, Government Health IT, 5/10).
The major provisions of the final rule will cover new protection requirements pertaining to:
- Business associates and subcontractors;
- Marketing and sales of protected health information;
- Research; and
- Student immunization records (Goedert, Health Data Management, 5/10).
Separate Proposed Rule Also Expected
McAndrew also said that OCR will issue a proposed rule relating to disclosures of electronic health information.
The rule will allow patients to view who has accessed their medical information (Government Health IT, 5/10). The rule also will give individuals the ability to weigh in on whether health plans can receive information on treatment paid for out of pocket.
This proposed rule, which also is "very close" to release, will be issued separately from the final omnibus rule, according to McAndrew (Health Data Management, 5/10).