A notice in the Federal Register this week has understandably generated a lot of comment in the health IT community. Here’s the summary from the notice:
SUMMARY: In accordance with the Privacy Act, we are proposing to modify or alter an existing SOR, “Program Information Management System (PIMS),” System No. 09-90-0052, published at 67 FR 57011, September 6, 2002. First, we propose to add a new authority, the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5), to those under which OCR collects information. Second, we propose to add three new purposes of the PIMS system. Third, we propose to add six new routine uses to the PIMS system. Fourth, we propose to expand the categories of information stored in the PIMS system to include information that covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their business associates report to the Secretary with respect to a breach of protected health information.
CORRECTION: In a previous version of this post, I pointed out that it seemed that HHS could continue to shield private practitioner’s names, an issue I raised with both HHS and certain members of Congress and that I have discussed on this site a number of times. Dom Nicastro reports that he received confirmation that HHS will now begin to post names after the proposed rule goes into effect, as the “routine use” will reportedly trump the Privacy Law exemption. This is good news indeed!