Proposed rule changes to the Health Information Portability and Accountability Act of 1996 (HIPAA) unveiled Thursday would "include broader individual rights and stronger protections when third parties handle individually identifiable health information," according to the HHS.
The new rules come as the federal government, health providers and private companies have begun working together to set standards and build out networks for health information exchange and electronic health records.
"The purpose of these modifications is to implement recent statutory amendments under the Health Information Technology for Economic and Clinical Health Act (HITECH), to strengthen the privacy and security protection of health information, and to improve the workability and effectiveness of these HIPAA rules," according to the notice of proposed rulemaking.
According to the HHS, the new rules would:
- expand individuals' rights to access their information and to restrict certain types of disclosures of protected health information to health plans;
- require business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
- set new limitations on the use and disclosure of protected health information for marketing and fundraising; and
- prohibit the sale of protected health information without patient authorization.