New Rules to Empower Patients to Increase Secure Access to their Health Information

HHS Secretary Kathleen Sebelius today proposed new rules that would expand the rights of patients to access their health information through the use of health information technology (IT). Specifically, the new rules would empower patients and allow them to gain access to test results reports directly from labs. They would ensure that labs covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provide such information, upon request, directly to patients or their personal representatives. The announcement came at the kick-off of the first-ever HHS Consumer Health IT Summit, which brought consumers, providers, and the public and private sectors together to discuss how best to empower consumers to be partners in their health and care through health IT.

“When it comes to health care, information is power. When patients have their lab results, they are more likely to ask the right questions, make better decisions and receive better care,” said Secretary Sebelius.“This Summit offers a unique opportunity for the public and private sectors alike to share strategies to improve consumer access to their health information, while safeguarding the privacy and security of their data.”

The Notice of Proposed Rulemaking (NPRM), jointly drafted by the Centers for Medicare & Medicaid Services, the HHS Office for Civil Rights (OCR), and the Centers for Disease Control and Prevention, proposes to amend the Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations and HIPAA privacy regulations to strengthen patients’ rights to access their own laboratory test result reports.

Secretary Sebelius also announced the appointment of Leon Rodriguez as the new Director of the Office for Civil Rights. Rodriguez brings his Department of Justice experience to HHS and will be dedicated to ensuring consumers’ health information is kept private and secure.

“Consumers need to know that private and secure access to their health information is a given,” stated OCR Director Rodriguez. “The privacy and security of health data will be a top priority for OCR during my tenure.”

Secretary Sebelius also unveiled today an innovative voluntary Personal Health Record (PHR) Model Privacy Notice, which creates an easy-to-read, standardized template allowing consumers to compare and make informed decisions based on their privacy and security policies and data practices about PHR products. The new template is similar to the Nutrition Facts Labels in that it presents certain complex information in a simple way to improve transparency and consumer understanding about data practices. By making this Model Privacy Notice available, PHR companies can help build greater trust in PHRs.

“As technology improves more aspects of our daily lives, it makes sense to marry cutting-edge technology with our medical and personal health records so that we can improve both the quality and efficiency of the care that people receive,” said National

Coordinator for Health Information Technology, Farzad Mostashari, M.D., Sc.M. “We are encouraging everyone to visit our website at to read our newly released Strategic Plan that sets forth our comprehensive plans for consumer empowerment for the next five years.“

The Summit highlighted vital benefits of electronic health records and health IT, including:

  • Health IT empowers patients. For example, people at risk for heart attacks may use mobile health applications to manage their weight, diet, and medication adherence.
  • Health IT can facilitate lasting quality improvements, which can lead to greater efficiency and cost savings in the long-term.
  • Health IT is driving innovation in all parts of consumers’ lives – from new interactive applications to devices like digital pedometers and other devices that capture important health information from everyday experiences.
  • Health IT helps coordinate better care, and can be a powerful tool if you or a loved one is managing a serious medical condition.
  • Health IT has robust security and all users, from patients to caregivers to doctors, can easily and safely access and share health information electronically.
  • Health IT may help diagnose health problems sooner, avoid medical errors and provide safer care which can result in lower costs.

For more information about the proposed amendments to the CLIA and HIPAA Privacy regulations, please visit

Leave a Reply

Your email address will not be published. Required fields are marked *