 |
||||
 | |
| ||
|
||||
| ||||
|
|
||||
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.
Storage
WAN Services
Web/e-commerce
Wireless/Mobile
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings
/
HHS lets HIPAA health-privacy rules take effect, but promises change
 
|
|||
 | |||
|
Tough federal health-privacy rules formulated in the last month of the Clinton Administration are due to take effect April 14, and Thursday the Department of Health and Human Services Secretary Tommy Thompson decided to let that occur, but promised there will changes to the rules.
The Health Insurance Portability and Accountability Act (HIPAA) privacy regulations set tough rules for how the healthcare industry and its business partners must protect patient data. The rules are widely opposed by the hospital and insurance industry associations, which submitted thousands of pages of criticism about them to HHS last month.
On Monday, HHS Secretary Tommy Thompson said the agency needs more time to review the 24,000 written comments about the proposed HIPAA regulations it had received in the last 30 days before letting the rules go into effect, according to USA Today. But he apparently backed down from that position today, issuing a statement that lets the Bush Administration claim the HIPAA privacy rules as a victory for consumers - while nevertheless promising to make changes to HIPAA soon.
In the statement, Thompson said HHS will issue new "guidelines" to indicate exactly how HHS expects HIPAA to be implemented by hospitals, insurance companies and others that must comply with HIPAA privacy rules.
HIPPA brings "patient peace of mind in knowing their medical records are indeed confidential," Thompson said. But HHS "will keep the comments in mind and begin the process of issuing guidelines on how the rules should be implemented. The guidelines will allow us to clarify some of the confusion regarding how the rules should be implemented."
HIPAA is a three-part set of rules, and HIPAA regulations related to e-commerce have already been issued and taken effect to mandate certain technologies, such as Electronic Data Interchange.
The privacy portion of the HIPAA rules has been more controversial. Much of the established healthcare industry - including the Blue Cross/Blue Shield Association, The American Benefits Council, and the American Hospital Association - have become vocal critics of the rules, which they say will be too costly and impede patient care. A third portion of the HIPAA rules concerns security, and the final version is not yet out.
The HIPAA regulations were planned for several years under the Clinton Administration to respond to a law passed in 1996 to set healthcare privacy, e-commerce and security standards for the nation. As such, hospitals and insurance companies have already taken steps to implement certain HIPAA rules, such as appointing a "privacy officer," and have been changing the way they manage their networks and computer systems to try to put tighter security controls on them when needed. There are already many state laws regarding privacy of patient data - including Texas state law, which some legal analysts claim is even tougher than HIPAA. The federal HIPAA rules would preempt more lax state regulation, except where state law is deemed to be even tougher.
The HIPAA privacy rules require healthcare organizations to ensure their business partners take as much care with patient data as they would. This would in effect require business partners, including those in the high-tech industry, to carefully follow the HIPAA rules. Under the privacy rules, a corporate CEO could be held liable for privacy violations and face jail time if successfully prosecuted.
Related Links
 |
 |
 |
|||||
|
|
|
|
|
|||