« Return to News Archives

Public Comment Period Open for HIPAA Privacy and Security Standards

Thursday, June 18th, 2009

Washington, D.C. June 18, 2009 – As part of its commitment to a comprehensive review of its standards, URAC, a leading health care accreditation and education organization, today called for public comment on revisions to its Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security standards. URAC welcomes purchasers, policy makers, consumers, health care providers, health care management organizations, health plans, electronic medical records and software companies to review the revised standards and provide feedback now through August 3, 2009.

“In order to establish effective standards that protect consumers’ most intimate information, URAC wants to leverage the expertise of key stakeholders that can help us better understand current practices and challenges within the industry,” said Doug Metz, DC, Chair of URAC’s Health Standards Committee (HSC) and Executive Vice President and Chief Health Services Officer for American Specialty Health. “The Health Standards Committee completed its review of the changes last month, and now we want to provide the public an opportunity to comment.”

URAC annually considers each one of their over 25 accreditation programs for revision to ensure that any changes to the health care industry, or specific regulations, are reflected in their standards. The Privacy provisions outlined in President Obama’s economic stimulus package, the American Recovery and Reinvestment Act (ARRA), promoted the need for URAC to update its HIPAA Privacy and Security standards to ensure that URAC accredited companies meet the new ARRA privacy provisions, which are either presently, or will be in effect by February 17, 2010.

“We know how difficult it is to navigate all of the requirements for HIPAA compliance,” said Bill Braithwaite, Member of URAC’s HIPAA Accreditation Committee. “That is why URAC is committed to helping educate our clients and ensuring that by meeting our high quality standards, they are positioned to gain HIPAA compliance. We also want consumers to feel confident sharing their most personal health information. By working with industry leaders to continually improve our standards, we are also giving consumers that degree of security and comfort.”

Under the ARRA provisions, business associates, such as attorneys, third party administrators, regional health information exchanges, data analysts, claims processors, or billing benefits managers for health care providers, must also comply with 32 security standards, as well additional privacy standards depending upon their access to electronic protected health information through the services they provide to covered entities such as a health care provider or health plan.

The proposed ARRA revisions also include civil and criminal penalties, which require organizations to provide training on the various penalties, the fine amount and under what circumstances they apply. In addition, ARRA has specific guidelines expanding the enforcement powers of State Attorneys General. Under the new regulations, State Attorneys General will have the authority to work on behalf of state’s residents to bring civil actions, stop violations, or obtain monetary damages. Although state action is limited while federal action is pending, this applies to all covered entities, business associates and individuals, with access to private patient information.

The revised URAC HIPAA Privacy and Security standards are available for review and comment at https://www.urac.org/publiccomment/. The deadline for public comment is August 3, 2009. After public comment, additional revisions will be made. Final draft standards and measures are expected to be reviewed by URAC’s Board of Directors in October 2009.

###

For 25 years, URAC has been the independent leader in promoting health care quality through accreditation, education, and measurement. URAC offers a wide range of quality benchmarking programs that reflect the latest changes in health care and provide a symbol of excellence for organizations to showcase their validated commitment to quality and accountability. URAC’s evidence-based measures and standards are developed through inclusive engagement with a broad range of stakeholders committed to improving the quality of health care.

For more information about URAC, contact us.

Interested in accreditation?
Contact businessdevelopment@urac.org

Code of Conduct | Privacy Policy | Terms of Use

Social Media TextFollow us on FacebookFollow us on TwitterFollow us on Linked In