Thursday, July 19, 2007

HIPSA: The Health Information Privacy and Security Act of 2007

Revising HIPAA
Yesterday, July 18, 2007, Senators Leahy and Kennedy introduced legislation to revise HIPAA. Although Section 215 makes disclosure exceptions for “Law Enforcement, National Security, and Intelligence”, the new bill would tighten HIPAA loopholes. The bill “requires that any health information intended to be used for medi[c]al research first be stripped of personally identifying information to protect an individual’s privacy”. Senator Leahy's website provides a copy of the statement and a summary of the legislation:

Additional Excerpts from Leahy’s Statement:

    Our bill also requires that patients be notified of a data security breach involving their health information within 15 days of discovery of the breach. ....

    [O]ur bill addresses the growing fear of many Americans that they will not be able to obtain important health information about a parent or child in situations involving a medical emergency, because of confusion about the requirements of current health privacy laws. ....

    The bill also establishes a national office of health information privacy within the Department of Health and Human Services to aid American consumers in learning about their health privacy rights. ....

    The bill makes it a federal crime to knowingly and intentionally disclose or use sensitive health information without an individual’s consent. Violators of this provision are subject to a criminal penalty of up to $500,000 and up to 10 years in prison, if the violation is committed with the intent to sell or use sensitive health information for economic gain.

To read the full statement and a summary of the legislation: Visit Sen. Leahy's press release at:

Related Press:
Sen. Leahy cites “Keeping Patients’ Details Private, Even From Kin”. July 3, 2007, The New York Times.

Also see: “Senators introduce stringent health records privacy bill”. Government Health IT, July 18, 2007.

No comments: