The U.S. Department of Health and Human Services has released long-overdue changes to the 1996 Health Insurance Portability and Accountability Act (HIPAA) that are intended to impact patients health records — particularly one's electronic health records.
"The final rule stands to change the practice of health care privacy and security as we know it," said Lynne Thomas Gordon, CEO of the American Health Information Management Association (AHIMA), in a statement. "It is a new era and it begins today."
Several of the security requirements have been expanded with the increased use of electronic health records and electronic patient access. It does this in part through a strengthening of the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements, by clarifying when breaches of unsecured health information must be reported to HHS, according to a statement from HHS. New rules also include notifying patients if the security of the health record is breached.
Patients also have expanded rights to access and restrict disclosure of their health records and they can ask for a copy of their electronic medical record in an electronic form.
