April 24, 2007
HHS Launches New Website on HIPAA Privacy Compliance and Enforcement
To coincide with the fourth anniversary of the enforcement of the HIPAA Privacy Rule, the Department of Health and Human Services (HHS) announced on April 20, that it has launched an enhanced website that will make it easier for consumers, healthcare providers, and others to get information about how the Department enforces health information privacy rights and standards. In launching the website, Winston Wilkinson, the Director of the HHS Office for Civil Rights, noted: "HHS has obtained significant change in the privacy practices of covered entities through its enforcement program. Corrective actions obtained by HHS from these entities have resulted in change that is systemic and affects all the individuals they serve."
The Health Information Privacy website provides comprehensive information about the Privacy Rule, which creates important federal rights and requirements to protect the privacy of personal health information. The enhanced website, provides information for consumers, healthcare providers, health plans, and others in the healthcare industry about HHS's compliance and enforcement efforts. The new information describes HHS activities in enforcing the Privacy Rule, the results of those enforcement activities, and statistics showing which types of complaints are received most frequently, and the types of entities most often required to take corrective action as a result of consumer complaints. The other information on the website covers consumers' rights to access their health information and significantly control how their personal health information is used and disclosed, as well as guidance about how to submit complaints about possible violations of the law, and extensive guidance for entities who must comply with the rule.
HHS issued the patient privacy protections pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The first and only comprehensive federal privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals, and other healthcare providers took effect on April 14, 2003. Developed by HHS, these standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. The regulation covers health plans, healthcare clearinghouses, and those healthcare providers who conduct certain financial and administrative transactions (e.g., enrollment, billing, and eligibility verification) electronically. HHS has conducted extensive outreach and provided guidance and technical assistance to providers and businesses to help them implement the new privacy protections.
To access these materials, please click here
Delegation of Subpoena Authority
On April 16, 2007, OCR announced that the Secretary of Health and Human Services has delegated to the Director of OCR the authority to issue subpoenas in investigations of alleged violations of the HIPAA Privacy Rule and of the Patient Safety and Quality Improvement Act of 2005.
The link to the Federal Register notice is available at www.hhs.gov/ocr/hipaa.
We would like to thank Hal McCard (Chaffe McCall LLP, New Orleans, LA) for providing this email alert.