Health Information: First-Year Experiences under the Federal Privacy Rule
GAO-04-965
Published: Sep 03, 2004. Publicly Released: Oct 04, 2004.
Skip to Highlights
Highlights
Issued under the Health Insurance Portability and Accountability Act of 1996, the Privacy Rule provided new protections regarding the confidentiality of health information and established new responsibilities for providers, health plans, and other entities to protect such information. GAO reviewed (1) the experience of providers and health plans in implementation; (2) the experience of public health entities, researchers, and representatives of patients in obtaining access to health information; and (3) the extent to which patients appear to be aware of their rights.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Health and Human Services | To reduce unnecessary burden on covered entities and to improve the effectiveness of the Privacy Rule, the Secretary of Health and Human Services should modify the Privacy Rule to (1) require that patients be informed in the notice of privacy practices that their information will be disclosed to public health authorities when required by law and (2) exempt such public health disclosures from the accounting-for-disclosures provision. |
Closed – Not Implemented
HHS continues to monitor the experience of covered entities regarding the accounting for disclosures provisions of the Privacy Rule to determine whether modification of the Rule is required. If HHS determines that a change in the Privacy Rule is necessary, it will issue a Notice of Proposed Rulemaking. However, HHS has not yet issued notice proposing changes to the Privacy Rule.
|
| Department of Health and Human Services | To reduce unnecessary burden on covered entities and to improve the effectiveness of the Privacy Rule, the Secretary of Health and Human Services should conduct a public information campaign to improve awareness of patients' rights under the Privacy Rule. |
Closed – Not Implemented
HHS Office for Civil Rights (OCR) continues to disseminate information to consumers through various means, including a toll-free call line and a website that now includes two new fact sheets and an expanded Frequently Asked Questions section. HHS OCR also has developed a Spanish-language fact sheet as part of a campaign to reach out to consumers in Hispanic-dominant communities. The efforts by HHS OCR do not appear to fulfill GAO's recommendation that it conduct a public information campaign to improve awareness of patients' rights under the Privacy Rule.
|
Full Report
Office of Public Affairs
Topics
Confidential communicationsConsumer protectionHealth information privacyInformation disclosureMedical recordsPrivacy lawRight of privacyPatients' rightsPrivacy rightsHealth care information