YubaNet is powered by your subscription
April 3, 2020 – Health and Human Services announced today it will reduce privacy safeguards for personal health data.
Under the federal patient privacy law (HIPAA), a third party “business associate” that receives personal data from a health care provider or insurer must have express permission to redisclose the data. HHS has now suspended that protection, as long as “business associates” disclose personal health data in “good faith” for “public health activities” and provide notice within 10 days.
There was no opportunity for public comment on the rule change. Previously, HHS announced that it would not take enforcement action against health care providers that violate the HIPAA when consulting with patients remotely.
EPIC is a public interest research center in Washington, DC. EPIC was established in 1994 to focus public attention on emerging privacy and civil liberties issues and to protect privacy, freedom of expression, and democratic values in the information age. www.epic.org