HHS readies health security standards

[InfoSec News <isn () C4I ORG>]

http://www.fcw.com/fcw/articles/2000/1218/web-hhs-12-22-00.asp

BY Colleen OHara
12/22/2000

The Department of Health and Human Services expects to issue final
security standards early next year to protect health care records that
are stored or transmitted electronically.

HHS issued a draft version of the electronic security regulations in
August 1998. The regulations would require all health plans, health
care providers and clearinghouses that maintain or transmit medical
information electronically to establish appropriate safeguards to
ensure that data cannot be lost, improperly accessed or altered.

On Wednesday, HHS issued the first national standards designed to
protect the privacy of personal medical records whether they are
stored electronically or on paper. The regulations put standards in
place to protect medical information maintained by health care
providers, hospitals, health plans and insurers, and health care
clearinghouses.

The privacy requirements include:

* Providers and health plans must give patients a clear written
  explanation of how the plan can use, keep and disclose their health
  information.

* Patients must be able to see and get copies of their records and
  request amendments.

* Health care providers who see patients must obtain patient consent
  before sharing their information for treatment, payment and health
  care operations purposes.

The privacy and security standards are part of the Health Insurance
Portability and Accountability Act of 1996.

President Clinton said Wednesday that because medical records are
increasingly stored electronically, they are easy to abuse. The new
privacy rules will "make medical records easier to see for those who
should see them, and much harder to see for those who shouldnt," he
said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".