Are HIPAA Changes Coming?

by  Wyn Staheli, Director of Content - innoviHealth
Dec 18th, 2018

On December 14, 2018, the Office for Civil Rights (OCR) issued a Request for Information (RFI). They are considering making changes to some of the HIPAA regulations. Earlier this year at the HIMSS (Healthcare Information and Management Systems Society) meeting, Roger Severino, the head of the Office for Civil Rights (OCR) gave a presentation in which he outlined some possible changes to the HIPAA regulations. This RFI is the first step.

According to the release,“OCR seeks information on the provisions of the HIPAA Rules that may present obstacles to, or place unnecessary burdens on, the ability of covered entities and business associates to conduct care coordination and/or case management, or that may inhibit the transformation of the health care system to a value-based health care system.”

They are seeking input on:

• "Promoting information sharing for treatment and care coordination and/or case management by amending the Privacy Rule to encourage, incentivize, or require covered entities to disclose PHI to other covered entities.
• Encouraging covered entities, particularly providers, to share treatment information with parents, loved ones, and caregivers of adults facing health emergencies, with a particular focus on the opioid crisis.
• Implementing the HITECH Act requirement to include, in an accounting of disclosures, disclosures for treatment, payment, and health care operations (TPO) from an electronic health record (EHR) in a manner that provides helpful information to individuals, while minimizing regulatory burdens and disincentives to the adoption and use of interoperable EHRs.
• Eliminating or modifying the requirement for covered health care providers to make a good faith effort to obtain individuals' written acknowledgment of receipt of providers' Notice of Privacy Practices, to reduce burden and free up resources for covered entities to devote to coordinated care without compromising transparency or an individual's awareness of his or her rights."

One thing mentioned by Severino at HIMSS was that the OCR was considering requesting information on how some of the settlements and civil monetary penalties it collects can be directed to the victims of healthcare data breaches and HIPAA violations. That topic was not included in this particular RFI, but it might be something to consider when making your comments.

These are all issues that have presented problems and we encourage you to let your voices be heard to make changes that are beneficial to the healthcare community.

Comments are due by February 11, 2019 so if you want to provide feedback, use one of the following and reference RIN 0945-AA00 or Docket HHS-OCR-0945-AA00:

• Federal eRulemaking Portal. You may submit electronic comments at http://www.regulations.gov by searching for the Docket ID number HHS-OCR-0945-AA00. Follow the instructions for sending comments.
• Hand-Delivery or Regular, Express, or Overnight Mail: U.S. Department of Health and Human Services, Office for Civil Rights, Attention: RFI, RIN 0945-AA00, Hubert H. Humphrey Building, Room 509F, 200 Independence Avenue SW, Washington, DC 20201.