A recent HHS decision to withdraw the HIPPA final “breach notification” rule drew praise from patient privacy advocates, who cited the need for stronger privacy protections. HHS announced that the final rule for breach notification of unsecured protected health information, issued under the HITECH act, would be published in coming months. “This is a complex issue,” the HHS explained on the HIPPA section of its website, “and the Administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur.”
The Patient Privacy Rights Foundation, a privacy watchdog organization, called the move “a huge step in the right direction,”and reiterated its objections to the "harm standard." Using the harm standard would have allowed businesses suffering data security breaches to decide for themselves whether patients would likely be harmed by the breach. The privacy group called this “letting the fox guard the hen house,” and pointed out that in drafting the American Recovery and Reinvestment Act, Congress specifically considered and rejected the harm standard. As noted by the privacy rights group, several congressional leaders have written the HHS asking for the harm standard provision to be revised or repealed.Ms. Graham is a writer and editor with a current focus on health and wellness. To read more of her articles, please visit her columnist page.
Edited by Erin Monda