After proposed medical privacy regulations were criticized by several lawmakers for not going far enough, HHS will rewrite the regulations and aim to release a final proposal by this fall, the New York Times reports.
The White House urged HHS Secretary Kathleen Sebelius to rewrite the regulations, which HHS developed based on privacy safeguards that had been outlined in the 2009 economic stimulus package.
Concerns With Proposal
HHS originally submitted its medical privacy regulations proposal to the White House in May for approval. However, a group of lawmakers in a letter to Sebelius criticized the proposed rules because they did not require health care providers and health insurance companies to notify patients and customers of a privacy breach unless the breach posed “a significant risk of financial, reputational or other harm to the individual.”
The rule specifically stipulated that no notification was necessary if the hospital or insurer concluded that the patient would not be harmed.
Addressing ‘Harm Threshold’
HHS said that some kind of “harm threshold” was necessary to ensure that consumers would not be inundated with breach notices and warnings about privacy violations that were not significant or harmful.
The Privacy Rights Clearinghouse — a patient privacy rights advocacy group — has estimated that the private medical information of more than five million individuals has been improperly used or accessed in the past 18 months.
The incidence of such breaches appears to have become more common as health care providers and consumers increasingly adopt health IT, social media and other Internet-based tools (Pear, New York Times, 8/22).
