The IT Law Wiki

Citation

Government Accountability Office, Prescription Drug Data: HHS Has Issued Health Privacy and Security Regulations but Needs to Improve Guidance and Oversight (GAO-12-605) (June 22, 2012) (full-text).

Overview

Prescribing medications and filling those prescriptions increasingly rely on the electronic collection of individuals' health information and its exchange among health care providers, pharmacies, and other parties. While this can enhance efficiency and accuracy, it also raises privacy and security concerns.

Federal law establishes the authority for the Secretary of HHS to develop standards for protecting individuals' health information (including that of Medicare beneficiaries) and to ensure that covered entities (such as health care providers and pharmacies) and their business associates comply with these requirements.

The Medicare Improvements for Patients and Providers Act of 2008 required the GAO to report on prescription drug use data protections. GAO's specific objective for this review was to determine the extent to which HHS has established a framework to ensure the privacy and security of Medicare beneficiaries' protected health information when data on prescription drug use are used for purposes other than direct clinical care.

GAO recommended that HHS issue de-identification guidance and establish a plan for a sustained audit capability.