Proposed HIPSA Legislation Intends to Tighten Privacy Rules

January 1, 2008

Sens. Leahy and Kennedy have introduced the Health Information Privacy and Security Act of 2007 (HIPSA), which if enacted into law, would require HHS to revise HIPAA.

Key Points

Current federal and certain state laws require certain healthcare companies to take steps to safeguard protected health information. For instance, the Privacy Rule, a federal regulation under HIPAA, imposes restrictions on the use and disclosure of protected health information. Under the rule, a health plan, clearinghouse, or provider that transmits health information in electronic form in connection with specified financial and administrative transactions may not use or disclose the protected information unless the individual authorizes the use or disclosure, or unless the rule explicitly permits or requires the use or disclosure. State laws that parallel the rule may, in some cases, apply more broadly or impose additional requirements.

Companies should not only ensure that they are in compliance with HIPAA and related state laws, they should monitor this proposed legislation as well.

This column is written for informational purposes only and should not be construed as legal advice.

Barry Senterfitt is a partner in the insurance industry practice of Akin Gump Strauss Hauer & Feld LLP in the firm's Austin, Texas, office.

Janet Farrer is an associate in the Austin office of Akin Gump Strauss Hauer & Feld.