From: OCR HIPAA Privacy Rule information distribution [mailto:OCR-PRIVACY-LIST@...] On Behalf Of OS OCR PrivacyList, OCR (HHS/OS)
Sent: Monday, April 23, 2007 4:52 PM
To: OCR-PRIVACY-LIST@...
Subject: HHS Launches New Web site on HIPAA Privacy Compliance and Enforcement

Friday, April 20, 2007

HHS Launches New Web site on HIPAA Privacy Compliance and Enforcement

To coincide with the fourth anniversary of the enforcement of the HIPAA Privacy Rule, the Department of Health and Human Services (HHS) announced today the launch of an enhanced Web site that will make it easier for consumers, health care providers and others to get information about how the Department enforces health information privacy rights and standards. In launching the website, Winston Wilkinson, the Director of the HHS Office for Civil Rights, noted: "HHS has obtained significant change in the privacy practices of covered entities through its enforcement program. Corrective actions obtained by HHS from these entities have resulted in change that is systemic and affects all the individuals they serve."

The Health Information Privacy Web site provides comprehensive information about the Privacy Rule, which creates important federal rights and requirements to protect the privacy of personal health information. The enhanced Web site, http://www.hhs.gov/ocr/privacy/enforcement provides information for consumers, health care providers, health plans and others in the health care industry about HHS’s compliance and enforcement efforts. The new information describes HHS activities in enforcing the Privacy Rule, the results of those enforcement activities, and statistics showing which types of complaints are received most frequently and the types of entities most often required to take corrective as a result of consumer complaints. The other information on the Web site covers consumers’ rights to access their health information and significantly control how their personal health information is used and disclosed, as well as guidance about how to submit complaints about possible violations of the law and extensive guidance for entities who must comply with the rule.

HHS issued the patient privacy protections pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The first and only comprehensive federal privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers took effect on April 14, 2003. Developed by HHS, these standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. The regulation covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions (e.g., enrollment, billing and eligibility verification) electronically. HHS has conducted extensive outreach and provided guidance and technical assistance to providers and businesses to help them to implement the new privacy protections. These materials are available at http://www.hhs.gov/ocr/hipaa.

Delegation of Subpoena Authority

On April 16, 2007, OCR announced that the Secretary of Health and Human Services has delegated to the Director of OCR the authority to issue subpoenas in investigations of alleged violations of the HIPAA Privacy Rule and of the Patient Safety and Quality Improvement Act of 2005.

The link to the Federal Register notice is available at http://www.hhs.gov/ocr/hipaa.