The Health and Human Services Department published a rule Aug. 19 that requires healthcare providers and health plans to alert patients to unauthorized access of their health information. The regulations apply to physicians and their offices, hospitals, insurance plans and other healthcare organizations covered by the Health Insurance Portability and Accountability Act (HIPAA).

Healthcare providers and other groups covered by HIPAA must promptly notify affected persons of a breach of their protected health data, as well as the HHS secretary and the media in cases where a violation affects more than 500 people. Healthcare groups also must report annually to HHS breaches that affect fewer than 500 people. The regulation also requires that business associates of organizations that are governed by HIPAA inform the covered group of unauthorized use or access of health information.

The rule makes sure that HIPAA-covered healthcare organizations and their business associates are accountable for properly safeguarding unsecured private information in their care, said Robinsue Frohboese, acting director and principal deputy director of HHS’ Office for Civil Rights, which has responsibility for the enforcement of HIPAA privacy and security.

“These protections will be a cornerstone of maintaining consumer trust as we move forward with meaningful use of electronic health records and electronic exchange of health information,” Frohboese said.

www.govhealthit.com