The GAO has issued a report entitled “Prescription Drug Data: HHS Has Issued Health Privacy and Security Regulations but Needs to Improve Guidance and Oversight.” The report assesses the extent to which HHS has established a framework to ensure the privacy and security of Medicare beneficiaries’ protected health information when data on prescription drug use are used for purposes other than direct clinical care. According to the GAO, while HHS has issued regulations (including HIPAA Privacy and Security Rules) to safeguard protected health information from unauthorized use and disclosure, the Department has not issued all required guidance or fully implemented required oversight capabilities. For instance, the GAO notes that HHS has not issued required implementation guidance to assist entities in de-identifying personal health information, including when it is used for purposes other than directly providing clinical care to an individual. The GAO also found that HHS does not have plans for establishing a sustained capacity to audit covered entities’ compliance with HHS privacy and security requirements. GAO therefore recommends that HHS issue de-identification guidance and establish a plan for a sustained audit capability; HHS generally agreed with the recommendations.
Register Now As you are not an existing subscriber please register for your free daily legal newsfeed service.Register
If you have any questions about the service please contact email@example.com or call Lexology Customer Services on +44 20 7234 0606.
GAO examines HHS action on privacy and security of prescription drug data
If you are interested in submitting an article to Lexology, please contact Andrew Teague at firstname.lastname@example.org.
Group Manager, Legal and Business Services
Australian Grand Prix Corporation