The health sector is under siege with cybersecurity threats. Some of the largest announced cyber attacks in U.S. history have targeted organizations in the health industry. Regulators have...02 May 2016
HHS issues a model privacy notice for Personal Health Records and proposed regulations to grant patients the right to access lab results directly
Today the U.S. Department of Health and Human Services (HHS) issued a voluntary privacy notice for Personal Health Records (PHRs) as well as new proposed rules that would expand the rights of patients to access test result reports directly from clinical laboratories covered by HIPAA. Both announcements were part of a HHS Consumer Health IT Summit.
The PHR model privacy notice is intended for use by PHR companies. HHS describes the notice as like the nutrition labeling information required on food in the U.S., in that it is designed to present complex information in an understandable format. HHS provides a template that PHR companies can use to populate with its own data practices. The goal is to provide transparency about privacy practices. HHS expects that companies will continue to make a more in-depth privacy notice available as well.
HHS also has issued a proposed rule (PDF) to allow patients to directly access their own lab results. This proposed rule would amend the Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations to specify that, upon a patient’s request, the laboratory may provide access to completed test reports that, using the laboratory’s authentication process, can be identified as belonging to that patient. This proposed rule will be published in the federal register on September 14 with an expected 60 day comment period.