The Department of Health and Human Services (HHS) last Friday issued guidance specifying technologies and methodologies that can be used to secure protected health information from unauthorized individuals under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The guidance relates to a forthcoming interim final rule that will specify notification requirements for healthcare providers and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) when unsecured protected health information is breached. The HITECH Act defines “unsecured protected health information” as protected health information that is not secured through the use of a technology or methodology specified by the guidance.

In the guidance, HHS said it will accept comments on the breach notification provisions of the HITECH Act through May 21. “If we determine that the guidance should be modified based on public comments, we will issue updated guidance prior to or concurrently with the regulations,” the guidance states. The LHA and the American Hospital Association are reviewing the guidance document and plan to submit comments.

(Reprinted from AHA News Now)