June 26, 2019


Happy New Year! Potential Changes to HIPAA Requirements on the Horizon

On December 12, 2018, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), requested public comments on potential changes to the Health Insurance Portability and Accountability Act’s regulations (HIPAA) that are perceived to be burdensome by the industry. The Request for Information (RFI) focuses on HIPAA requirements that limit or discourage coordination of care without meaningfully contributing to the protection of the privacy or security of individuals’ protected health information.

In addition to promoting information sharing for treatment and care coordination, HHS also seeks broad comments on the sharing of patient information for adults facing health emergencies, with a particular focus on mental illness and the country’s ongoing opioid crisis. The RFI also touches on revisions to the accounting of disclosures requirements (reintroducing the long-standing debate on this issue), and the elimination or modification of the requirement for providers to document their good faith effort to obtain an acknowledgement of receipt of the Notice of Privacy Practices. In addition to a broad request for comments, the RFI also included 54 different questions which address a range of topics including:

  • A patient’s right to access their protected health information;
  • Timeframes for responding to information requests;
  • Potential exceptions to the minimum necessary disclosure requirements;
  • Promoting parental and caregiver involvement in care; and
  • Expanding health care clearinghouses’ access to protected health information.

This RFI indicates a potential substantial overhaul of HIPAA, with a particular emphasis on HIPAA’s Privacy Rule. Public comments are due by February 11, 2019, through the Federal eRulemaking Portal or via mail.

© 2019 Foley & Lardner LLP


About this Author

Kelly Thompson, Foley Lardner, Healthcare lawyer
Associate

Kelly Thompson is an associate and health care business lawyer with Foley & Lardner LLP. Her practice focuses on legal services for corporations, hospitals, physician practices, and other health care providers in the areas of business law and health regulatory compliance with a focus on federal and state fraud and abuse and licensure laws. 

Ms. Thompson has assisted health care providers on various health and business law issues, including federal and state privacy laws, criminal and civil fraud and abuse laws, HIPAA, employment law,...

904.633.8901
Jennifer L. Rathburn, Foley & Lardner LLP, Milwaukee, data protection programs, data incident management lawyer
Partner

Jennifer L. Rathburn is a partner with Foley & Lardner LLP. Ms. Rathburn focuses on counseling clients on data protection programs, data incident management, and breach response and recovery, as well as the monetization of data, the Health Insurance Portability and Accountability Act (HIPAA), and other privacy and security issues. She is one of the founders of the Midwest Cyber Security Alliance and has a deep understanding of the complex risk, operational, and legal issues companies must address to maintain the confidentiality of, access to, and integrity of their data.

As a member of the firm’s Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices, Jennifer routinely helps clients prepare for and respond to data security incidents, from preparing incident response plans and advising on cybersecurity programs to handling the breach notification response process. Her depth of experience in this area and her collaboration with IT, risk, forensic, dark web, communication/PR, and other data experts provide a multi-disciplinary, practical approach to client issues.

Additionally, Jennifer guides clients in all aspects of preparing for and maintaining compliance with U.S. privacy and data security laws as well as the EU’s General Data Protection Regulation (GDPR). Such efforts include conducting readiness assessments; performing data mapping and inventory; reviewing and revising privacy, data security, and incident response policies and plans; updating customer- and employee-facing privacy and consent notices as well as third-party vendor templates and agreements; evaluating the appointment of a Data Protection Officer; and educating and training board members, staff, and other key stakeholders.

414-297-5864