Printer Friendly, PDF & Email

Privacy Briefs: May 2019

◆ HHS announced it is extending the public comment period by 30 days for two proposed regulations aimed at promoting the interoperability of health information technology and enabling patients to electronically access their health information. The new deadline for the submission of comments—June 3—will allow additional time for the public to review the proposed regulations, HHS says. The extension of the public comment period coincides with a release by the HHS Office of the National Coordinator for Health Information Technology of the second draft of the Trusted Exchange Framework and Common Agreement, along with a related notice of funding opportunity. HHS OCR also has released a set of frequently asked questions. See the announcement at

◆ Amazon Inc.’s digital assistant Alexa has added new health care skills, which are being rolled out in a limited capacity at six different health care organizations. According to Amazon, the new Alexa health care skills that launched in April include the ability to check the status of a home delivery prescription and request Alexa notifications (in use at pharmacy benefits manager Express Scripts), the ability to manage health improvement goals and earn personalized wellness incentives (in use at a large employer insured by Cigna), the ability to provide updates to providers on progress following surgery (in use at Boston Children’s Hospital), the ability to locate an urgent care center and schedule a same-day appointment (in use at Providence St. Joseph Health and at Atrium Health), and the ability for patients with diabetes to track blood sugar levels and receive personalized health information (in use at Livongo, a digital health company). Amazon is currently providing a HIPAA-eligible environment to select skill developers as part of an invite-only program. Learn more at

◆ Chicago-based Rush System for Health says personal information from about 45,000 patients may have been compromised in a data breach. The health system said in a recent financial filing that exposed data may include names, addresses, dates of birth, Social Security numbers and health insurance information. Rush said the breach, which occurred after an employee of one of Rush’s financial services vendors improperly shared a file with an unauthorized third party, did not include medical information. The breach likely occurred in May 2018, and was discovered on Jan. 22. Read more at

This document is only available to subscribers. Please log in or purchase access.