FOR IMMEDIATE RELEASE
April 17, 2009
Contact: HHS Press Office
HHS Releases Guidance for Securing Health Information and Preventing Harm from Breaches
The U.S. Department of Health and Human Services (HHS) published guidance today regarding technologies and methodologies to secure health information and prevent harm by rendering health information unusable, unreadable, or indecipherable to unauthorized individuals. The American Recovery and Reinvestment Act required publication of the guidance by April 18. This builds on the existing requirements of the HIPAA Privacy and Security Rules, which are unchanged.
“Protecting patient privacy is a top priority and this guidance specifies proactive steps organizations can take to limit the potential harm a breach can cause,” said HHS Spokesman Nick Papas.
The guidance issued today provides steps entities can take to secure personal health information and establishes the trigger for when entities must notify that patient data has been compromised. This guidance is related to “breach notification” regulations, which will be issued by HHS and the Federal Trade Commission respectively. The HHS regulations will apply to entities covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the FTC regulation will apply to vendors of personal health records and certain others not covered by HIPAA. The Recovery Act requires that these regulations be published within 180 days of enactment.
The guidance was developed through a joint effort by the HHS Office for Civil Rights (OCR), Office of the National Coordinator for Health Information Technology (ONC), and Centers for Medicare &Medicaid Services (CMS). The guidance released today can be read by visiting www.hhs.gov/ocr/privacy.
The guidance issued today must be updated annually but HHS may update and reissue it this year, after public comment is considered and at the same time HHS’s breach notification regulation is published.
Note: HHS Officials will host a background briefing for reporters to discuss this guidance on April 17 at 5:00 PM. Contact Nicholas.email@example.com for details on the briefing.
Note: All HHS press releases, fact sheets and other press materials are available at http://www.hhs.gov/news.
Follow HHS on Twitter @HHSgov and sign up for HHS Email Updates.
Follow HHS Secretary Kathleen Sebelius on Twitter @Sebelius .
Last revised: May 7, 2011