William Pewen, who was involved in drafting the language in ARRA, has an excellent commentary on Health Affairs Blog:
On July 28 the Obama Administration surprised many in the health sector by withdrawing a pending Department of Health and Human Services (HHS) final “breach notification” rulegoverning when consumers must be informed of illicit access or use of their medical records. With this exceptional action, the Administration now has a critical opportunity to correct a rule which undermined congressional efforts to secure medical records. Contrary to the underlying statutory language – which I took the lead in drafting as the senior health advisor to Senator Olympia Snowe (R-ME) – the rule drafted by HHS to implement the statute would have allowed medical providers to bypass notification if they themselves decided that consumers had not been harmed by a breach.
Withdrawal of the rule is a positive step. However, efforts to weaken consumer privacy protections will resume. Industry will once again attempt to block efforts to promote transparency and data security, and support for health information technology (IT) will erode if Americans find Washington unresponsive in protecting their health information.
Read more of his thoughtful commentary on Health Affairs Blog.