The U.S. Department of Health & Human Services (HHS) has released final changes to the privacy regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The changes were published in the Federal Register on August 14.

CMA has been awaiting the final regulations, which protect the privacy of computerized medical records-including who can have access to the records and what level of patient permission is required to release them. Of greater concern to CMA, its members, and their patients, are the security rules, which have not yet been finalized. The security regulations are expected to require physicians who conduct business electronically to verify their own identities through the use of security technologies like the digital certificates provided free to CMA members through MEDePASS, a CMA subsidiary. This will prevent unauthorized third parties from accessing and/or altering computerized medical records. The security regulations are expected to be finalized by this fall.
 The changes to HIPAA's privacy regulations were foreshadowed by proposed amendments HHS published in March. The final regulations include the proposed changes with few major differences.

The most important change is that physicians no longer must obtain written patient consent before using protected health information for treatment, payment, and health care operations. The final regulation requires that physicians inform patients of their privacy practices in a written notice and make a good faith effort to get written confirmation from the patient of the receipt of that information.

For more information, including a copy of the final privacy regulations, click here .