JHITA reviews comments on HIPAA standards

The Joint Healthcare Information Technology Alliance (JHITA) has reviewed the comments for the Department of Health and Human Services’ (HHS) proposed rule on security and electronic signature transactions. The standards were mandated under the Health Insurance Portability and Accountability Act of 1996.

The comments have been posted on the Administration Simplification Web site at http://aspe.os.dhhs.gov/admnsimp/.

"It is clear that health care providers and organizations are asking the HHS [in Washington, DC] to provide more direction in implementing the provision during the writing of the final rule," JHITA states. Most of the comments submitted came from insurance companies, state government offices, consumer organizations, and advisory committees.

The comments on the proposed rule expressed concerns about the following:

- The proposed rule does not say how it will be implemented in light of privacy legislation expected to come from Congress.

- The rule is not clear about what it specifically requires.

- The rule only sets forth procedures and does not establish any specific standards to ensure the security of health care information.

- The rule does not set forth any penalties for not complying with the procedures.

- The rule needs additional definitions, such as "agents" of health plans.

- The rule provides specific requirements that were overly excessive or restrictive.

- The rule does not classify telephone, voice mail or fax transmissions as electronic transactions, although they are the most common ways organizations share information.