May 21, 2019

May 20, 2019

Subscribe to Latest Legal News and Analysis

Changes Ahead for HIPAA?

As we discussed last week, the Department of Health and Human Services (HHS) recently published its semi-annual regulatory agenda.  In addition to the proposed rules on fraud and abuse, drug pricing, digital health, and devices, the agenda includes topics that could bring significant changes to HIPAA regulations and other health care privacy rules.

On the enforcement side, HHS plans to issue a request for information on a proposal to share a percentage of money paid by health care organizations through civil monetary penalties or monetary settlements resulting from data breaches with the affected individuals.  The request was supposed to be issued in November but has been pushed to January.  There is currently no clear methodology for determining when an individual is harmed by a data breach and how much money any one individual would deserve for the resulting harm.  This determination would be particularly difficult for large data breaches involving hundreds, if not thousands, of unspecified victims whose information may have been left vulnerable but not actually exploited.

HHS’s list also includes a request for information on whether HIPAA regulations are stalling progress toward increased care coordination and value-based payment systems, both of which require sharing of patient information.  As providers are encouraged to work together more to improve patient outcomes and decrease costs, the flow of information between them can be restricted due to HIPAA concerns. 

Finally, the list includes another topic often seen as another impediment to coordination of care: 42 CFR Part 2.  HHS plans to release a notice of proposed rulemaking in March 2019.  This move comes after Congress failed to pass a bill aligning 42 CFR Part 2 with HIPAA.  The legislation would have permitted providers to share information about patients subject to 42 CFR Part 2 for the purpose of treatment, payment, and operations such patients, similar to HIPAA.  The change would have promoted patient treatment and outcomes, which is particularly important in light of the current opioid epidemic, but Congress decided not to add it to the final opioid package passed in September.

We will be closely monitoring these proposals. Stay tuned.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Sarah Beth S. Kuyers, Mintz Levin, nonprofit affiliation lawyer, health care systems attorney
Associate

Sarah Beth’s practice focuses on advising health care providers, PBMs, and laboratories on a variety of regulatory issues.

Prior to joining Mintz Levin, Sarah Beth worked as a law clerk with the health staff of the US Senate Committee on Finance, where she researched policy, regulations, and legislation regarding commercial insurance reform, health IT, Medicare, Medicaid, and the Affordable Care Act. She also drafted legislation.

In addition, Sarah Beth worked as a law clerk for a legal practice in Washington, DC. Her...

202.434.7453