HIPAA guidance for the world that followed HIPAA (finally): HIEs, PHRs, etc., and how they may be brought under the big tent of HIPAA.

OCR release from late yesterday:

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has published new HIPAA Privacy Rule guidance as part of the Department’s Privacy and Security Toolkit to implement The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (Privacy and Security Framework).  The Privacy and Security Framework and Toolkit is designed to establish privacy and security principles for health care stakeholders engaged in the electronic exchange of health information and includes tangible tools to facilitate implementation of these principles.  The new HIPAA Privacy Rule guidance in the Toolkit discusses how the Privacy Rule supports and can facilitate electronic health information exchange in a networked environment.  In addition, the guidance includes documents that address electronic access by an individual to his or her protected health information and how the Privacy Rule may apply to and supports the use of Personal Health Records. 


These new HIPAA guidance documents are available on the OCR Privacy Rule Web Site.  See also more information on the Privacy and Security Framework and other documents in the Privacy and Security Toolkit.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting