HHS readies health security standards
- By Colleen O'Hara
- Dec 22, 2000
The Department of Health and Human Services expects to issue final security
standards early next year to protect health care records that are stored
or transmitted electronically.
HHS issued a draft version of the electronic security regulations in August
1998. The regulations would require all health plans, health care providers
and clearinghouses that maintain or transmit medical information electronically
to establish appropriate safeguards to ensure that data cannot be lost,
improperly accessed or altered.
On Wednesday, HHS issued the first national standards designed to protect
the privacy of personal medical records whether they are stored electronically
or on paper. The regulations put standards in place to protect medical information
maintained by health care providers, hospitals, health plans and insurers,
and health care clearinghouses.
The privacy requirements include:
* Providers and health plans must give patients a clear written explanation
of how the plan can use, keep and disclose their health information.
* Patients must be able to see and get copies of their records and request
* Health care providers who see patients must obtain patient consent before
sharing their information for treatment, payment and health care operations
The privacy and security standards are part of the Health Insurance Portability
and Accountability Act of 1996.
President Clinton said Wednesday that because medical records are increasingly
stored electronically, they are easy to abuse. The new privacy rules will
"make medical records easier to see for those who should see them, and much
harder to see for those who shouldn't," he said.