HHS proposes standards for electronic health data
HHS proposes standards for electronic health data
The federal Department of Health and Human Services (HHS) has proposed new standards for protecting individual health information when it is maintained or transmitted electronically.
The new security standards were designed to protect all electronic health information from improper access or alteration and to protect against loss of records.
At the same time, HHS Secretary Donna Shalala called on Congress to enact further protections to guarantee the privacy of medical records.
"The proposals we are making today set a national standard for protecting the security and integrity of medical records when they are kept in electronic form," Shalala said. "It is crucial to have these standards, as we move increasingly toward electronic medical records. But it is also not enough. In addition, we urgently need new legal protections to safeguard the privacy of medical records in all forms."
The new electronic data security standards were mandated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which also called on the Secretary of HHS to make recommendations to Congress on how to protect the privacy of health information.
Shalala delivered her recommendations for new health privacy legislation last September. Under HIPAA, Congress is given until August 1999 to enact privacy protections. If Congress fails to act by that time, HIPAA authorizes the Secretary to implement privacy protections by regulation.
The proposed regulations announced by HHS include technical guidance as well as administrative requirements for those who use electronic health information, medical records of individuals. All health plans, health care providers, and health care clearinghouses that maintain or transmit health information electronically will be required to establish and maintain responsible and appropriate safeguards to ensure the integrity and confidentiality of the information.
Depending on size and complexity, health care businesses will have different security needs. All will have to comply with the security requirements. Some businesses may need to implement more sophisticated safeguards than others.
For example, all firms that transmit or maintain electronic health information will need to develop a security plan, provide training for employees, and secure physical access to records. Health information about individuals must be protected during transmission and where maintained in electronic form. Other administrative procedures, physical safeguards, and technical security measures also will be needed.
Verification, identity ensured
The proposal includes an electronic signature standard which specifies that a digital signature be used when an electronic signature is required for one of the standard transactions specified in the law. This standard will verify the identity of the person signing and the authenticity of an electronic health care document.
The proposal, published Aug. 12, 1998, in the Federal Register, is one of a series of administrative simplification efforts required by HIPAA. Other HIPAA-required proposals include standards for a uniform electronic health care claim (and other common administrative transactions) and for reporting diagnoses and procedures in the transactions.
HIPAA also required HHS to establish standards for unique identifier numbers for health care providers, employers, and health plans. Proposals already have been made for employers and providers.
In addition, HIPAA called on HHS to adopt standards for a unique health identifier number for each individual American. However, the Clinton Administration has said no proposal for patient identifier numbers will be implemented until privacy protections, as called for by HIPAA, have been put in place. n
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.