Health Exchange Rule Addresses Privacy

New Insurance Exchanges Must Comply With Guidelines

Federal officials have released a final rule setting guidelines, including privacy and security provisions, for state insurance exchanges, called for under healthcare reform, which must begin operating by 2014.

The exchanges will provide consumers and smaller employers with an easier way to shop for insurance coverage from multiple health plans. The rule, revealed on the Federal Register Public Inspection Desk March 12, will be officially published in the Federal Register March 27.

Privacy, Security Provisions

Section 155.260 of the rule from the Department of Health and Human Services spells out privacy and security provisions. Among them are:

  • Personally identifiable health information should be protected with reasonable operational, administrative, technical and physical safeguards to ensure its confidentiality, integrity and availability and to prevent unauthorized or inappropriate access, use or disclosure.
  • Anyone who uses or discloses information in violation of the Affordable Care Act (healthcare reform) will be subject to a civil penalty of not more than $25,000 per person or entity, per use or disclosure, in addition to other penalties that may be prescribed by law.
  • Exchanges may only use or disclose personally identifiable information to the extent such information is necessary to carry out their narrowly defined functions, such as to determine eligibility for enrollment.
  • Individuals should be provided a reasonable opportunity to make informed decisions about the collection, use and disclosure of their personally identifiable health information.
  • Individuals should be provided with a simple and timely means to access and obtain their personally identifiable health information in a readable format.

About the Author

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
