The US Department of Health & Human Services "has 11 operating divisions, including eight agencies in the US Public Health Service and three human services agencies. These divisions administer a wide variety of health and human services and conduct life-saving research for the nation, protecting and serving all Americans." They include the Centers for Disease Control and Prevention (CDC), the Centers for Medicare & Medicaid Services (CMS), and the National Institutes of Health (NIH). (US Department of Health & Human Services. Accessed May 7, 2018).
The Health Insurance Portability and Accountability Act of 1996 is federal legislation that provides data privacy and security provisions for safeguarding information. HIPAA regulations are promulgated by the Office for Civil Rights (OCR) in the US Department of Health and Human Services (HHS). ("What is HIPAA?" Indiana University Knowledge Base. Accessed May 9, 2018).
"The HIPAA Privacy Rule. . . introduced standards covering allowable uses and disclosures of health information, including to whom information can be disclosed and under what circumstances protected health information can be shared. The HIPAA Privacy Rule permits the sharing of health information by healthcare providers, health plans, healthcare clearinghouses, business associates of HIPAA-covered entities, and other entities covered by HIPAA Rules under certain circumstances. In general terms, permitted uses and disclosures are for treatment, payment, or health care operations. HIPAA authorization is consent obtained from a patient or health plan member that permits a covered entity or business associate to use or disclose private health information to an individual/entity for a purpose that would otherwise not be permitted by the HIPAA Privacy Rule. Without HIPAA authorization, such a use or disclosure . . . would violate HIPAA Rules and could attract a severe financial penalty and may even be determined to be a criminal act." ("What is a HIPAA Authorization?" HIPAA Journal. Accessed May 9, 2018).
The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act of 2009. It was intended to promote the adoption and meaningful use of health information technology." HITECH contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among providers. It also widens the scope of privacy and security protections available under HIPAA, increases the potential legal liability for non-compliance, and it provides for more enforcement. ("HITECH Act Enforcement Interim Final Rule." US Department of Health & Human Services. Accessed May 8, 2018).