Healthcare

HIPAA/HITECH Act Data Breach Notification Interim Rules and Guidance from The Department of Health and Human Services

This document from the Department of Health and Human Services outlines the general scope and responsibilities for Covered Entities, Business Associates, and other related organizations with respect to Personal Health Information, including the data security breach notification provisions.



Timeline for Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act (HITECH Act)

The Department of Health and Human Services (HHS) Office for Civil Rights will issue rules to modify the HIPAA Privacy, Security, and Enforcement Rules to implement the privacy, security, and certain enforcement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act (Title XIII of the American Recovery and Reinvestment Act of 2009). HHS will issue final rules in March 2011.

These modifications to the HIPAA Privacy, Security, and Enforcement Rules will benefit health care consumers by strengthening the privacy and security protections afforded their health information by HIPAA covered entities and their business associates.

HHS previously issued the Notice of Proposed Rulemaking (NPRM) in July 2010.



Regulations Under the Genetic Information Nondiscrimination Act of 2008 (GINA) from the Equal Employment Opportunity Commission

Congress enacted GINA to protect job applicants, current and former employees from discrimination based on their genetic information. GINA required the EEOC to issue implementing regulations. The EEOC proposed these rules (below) under that authority to provide all persons subject to Title II of GINA additional guidance with regard to the law’s requirements.



US Supreme Court Will Decide Case of Health Care “Data Mining”

The United States Supreme Court agreed to hear a challenge to a Vermont law that prohibits the sale, license, or exchange for value of prescriber-identifiable data for marketing or promoting a prescription drug unless the prescriber consents.

The Vermont law was challenged by companies, commonly referred to as “data miners,” which purchase information regarding prescriptions from pharmacies, including the prescriber’s name and address, the name, dosage, and quantity of the drug, the date and place the prescription is filled, and the patient’s age and gender. The data miners aggregate this information and sell it to pharmaceutical research and manufacturing companies to assist in their marketing efforts to prescribing physicians.