Notice of Proposed Rulemaking to Implement HITECH Act Modifications
This is a notice of proposed rulemaking to implement HITECH Act modifications
Final
Issued by: Office for Civil Rights (OCR)
Notice of Proposed Rulemaking to Implement HITECH Act Modifications
HHS issued a notice of proposed rulemaking to modify the HIPAA Privacy, Security, and Enforcement Rules.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, is designed to promote the widespread adoption and standardization of health information technology, and requires HHS to modify the HIPAA Privacy, Security, and Enforcement Rules to strengthen the privacy and security protections for health information and to improve the workability and effectiveness of the HIPAA Rules.
The proposed modifications to the HIPAA Rules include provisions extending the applicability of certain of the Privacy and Security Rules’ requirements to the business associates of covered entities, establishing new limitations on the use and disclosure of protected health information for marketing and fundraising purposes, prohibiting the sale of protected health information, and expanding individuals’ rights to access their information and to obtain restrictions on certain disclosures of protected health information to health plans. In addition, the proposed rule adopts provisions designed to strengthen and expand HIPAA’s enforcement provisions.
The public is invited to comment on the provisions of the proposed rule for 60 days following publication in the Federal Register at Regulations.gov.
View the Notice of Proposed Rulemaking. - PDF
View the HHS news release announcing the Notice of Proposed Rulemaking.
View the Joint Statement on Building Trust in Health Information Exchange through Privacy and Security - PDF, issued by OCR Director Georgina Verdugo and Dr. David Blumenthal, the National Coordinator for Health Information Technology.
Frequently Asked Questions for Professionals - Please see the HIPAA FAQs for additional guidance on health information privacy topics.
HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.
DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.