HHS Strengthens Health Information Privacy & Security: Is It Enough?

The National Health and Human Services department has announced new rules intended to strengthen the privacy of your health information. The goal of these new rules is to ensure that as use of health information technology expands, Americans can trust that their health information is protected and secure. The new rules include broader individual rights and stronger protections when third parties handle individually identifiable health information.

The proposed rule aims to strengthen and expand enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules by:

  • expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans;
  • requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
  • setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
  • prohibiting the sale of protected health information without patient authorization.

The department also launched a new health privacy website at http://www.hhs.gov/healthprivacy/index.html to provide consumers easy access to information about HHS’s privacy policies.

“To improve the health of individuals and communities, health information must be available to those making critical decisions, including individuals and their caregivers,” said HHS Secretary Kathleen Sebelius. “While health information technology will help America move its health care system forward, the privacy and security of personal health data is at the core of all our work.”

“HHS strongly believes that an individual’s personal information is to be kept private and confidential and used appropriately by the right people, for the right reasons,” said HHS Chief Privacy Officer Joy Pritts. “Without such assurances, an individual may be hesitant to share relevant health information.”

Are these steps enough to protect your medical identity?

While these steps are important measures for those legally accessing records, they do nothing to ensure that access to these records through doctors’ offices across the country is appropriately secured. Where are the security requirements for every single computer and user accessing this information?

I believe that online records can improve medical treatment, but the risks outweigh the benefits until our records are secure: when we know our privacy is ensured, when we know that some malicious entity hasn’t written a virus changing our medical histories, and when we know we can correct mistakes that appear in the online records.

These new rules do nothing to strengthen our protections against these risks.

To learn more about the risks of online medical records, see these blogs:


