It’s not a new law, but it’s a tangible, short-term step toward protecting the privacy of patient data that travels online. To address loopholes in current patient privacy legislation, the Health and Human Services Department on Thursday proposed privacy rules that would apply to vendors of technology that transmit personal health data.

The existing privacy law, the 1996 Health Insurance Portability and Accountability Act (HIPAA), mostly applies to providers and healthcare plans. It does not cover third-party health information technology companies, including Google and Microsoft, which now handle mounds of personal health data because patients, doctors and hospitals are increasingly turning to the Internet to improve care. Google and Microsoft offer so-called personal health records that patients create and control.

Thursday’s regulations would impose most of the same rules that apply to HIPAA-covered people on business partners who work with HIPAA-covered parties, such as personal health record vendors and operators of e-prescription systems. In addition, doctors and plans would be forbidden from selling protected patient information without the patient’s approval.

Click here to read the full article.