A central point for collection of information that relates to computer security. Including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels. etc. etc.
HHS Privacy and Security
July 28, 2010 at 11:58 am #106697
HHS Press Release
HHS Strengthens Health Information Privacy and Security through New Rules
New health privacy website launched
HHS Secretary Kathleen Sebelius today announced important new rules and resources to strengthen the privacy of health information and to help all Americans understand their rights and the resources available to safeguard their personal health data. Led by the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR), HHS is working with public and private partners to ensure that, as we expand the use of health information technology to drive improvements in the quality and effectiveness of our nation’s health care system, Americans can trust that their health information is protected and secure.
“To improve the health of individuals and communities, health information must be available to those making critical decisions, including individuals and their caregivers,” said HHS Secretary Kathleen Sebelius. “While health information technology will help America move its health care system forward, the privacy and security of personal health data is at the core of all our work.”
Through the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, current health information privacy and security rules will now include broader individual rights and stronger protections when third parties handle individually identifiable health information.
The proposed rule announced today would strengthen and expand enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules by:
* expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans.
* requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
* setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
* prohibiting the sale of protected health information without patient authorization.
“The benefits of health IT can only be fully realized if patients and providers are confident that electronic health information is kept private and secure at all times,” said Georgina Verdugo, OCR director at HHS. “This proposed rule strengthens the privacy and security of health information, and is an integral piece of the administration’s efforts to broaden the use of health information technology in health care today.”
HHS is also looking more closely at entities that are not covered by HIPAA rules to understand better how they handle personal health information and to determine whether additional privacy and security protections are needed for these entities.
“Giving more Americans the ability to access their health information wherever, whenever and in whatever form is a critical first step toward improving our health care system,” said HHS’ national coordinator for health information technology, David Blumenthal, M.D., M.P.P. “Empowering Americans with real-time and secure access to the information they need to live healthier lives is paramount.”
HHS also launched today a privacy website at http://www.hhs.gov/healthprivacy/index.html to help visitors easily access information about existing HHS privacy efforts and the policies supporting them. The site emphasizes HHS’ deep commitment to privacy in the collection, use, and exchange of personally identifiable information. This new resource provides Americans with confidence that their personal information is secure and underscores HHS’ goal of greater openness and transparency in government.
The HITECH Act established the position of Chief Privacy Officer in ONC. Joy Pritts recently assumed the new position and is leading HHS efforts to develop and implement privacy and security programs and polices related to electronic health information.
“HHS strongly believes that an individual’s personal information is to be kept private and confidential and used appropriately by the right people, for the right reasons,” said Pritts. “Without such assurances, an individual may be hesitant to share relevant health information.”
For more information about the proposed rule announced today visit http://www.ofr.gov/OFRUpload/OFRData/2010-17210_PI.pdf
For other HHS Recovery Act programs, see. http://www.hhs.gov/recovery/programs/index.html#Health
July 28, 2010 at 12:00 pm #106699
Federal Register Rule Proposal
You must be logged in to reply to this topic.