Last week, during a keynote speech to the National Health Information Network Forum here D.C., Health and Human Services (HHS) Secretary Leavitt announced key privacy principles
for electronic health information exchange, called The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information
. Leavitt hopes these principles will guide the actions of all health care related entities that participate in networks that electronically exchange patient health information. The principles in the new Privacy and Security Framework include: Individual Access; Correction; Openness and Transparency; Individual Choice; Collection, Use, and Disclosure Limitation; Data Quality and Integrity; Safeguards; and Accountability.
In tandem, HHS's Office of Civil Rights also published new HIPAA Privacy Rule Guidance
as part of a "toolkit" to implement the new framework of principles. The guidance provides some important clarifying information on how the Privacy Rule governs covered entities involved in electronic health information exchange. For example, the guidance clarifies that covered entities must enter into business associate agreements with HIEs and RHIOs when these entities are exchanging information on behalf of a covered entity (e.g. exchanging data for treatment purposes). The guidance also clarifies that personal health records offered to consumers by covered entities are covered by the HIPAA Privacy and Security Rules.
Read more »