Happy New Year! Potential Changes to HIPAA Requirements on the Horizon
On December 12, 2018, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), requested public commentson potential changes to the Health Insurance Portability and Accountability Act’s regulations (HIPAA) that are perceived to be burdensome by the industry. The Request for Information (RFI) focuses on HIPAA requirements that limit or discourage coordination of care without meaningfully contributing to the protection of the privacy or security of individual’s protected health information.
In addition to promoting information sharing for treatment and care coordination, HHS also seeks broad comments on the sharing of patient information for adults facing health emergencies, with a particular focus on mental illness and the country’s ongoing opioid crisis. The RFI also touches on revisions to the accounting of disclosures requirements (reintroducing the long standing debate on this issue), and the elimination or modification of the requirement for providers to document their good faith effort to obtain an acknowledgement of receipt of the Notice of Privacy Practices. In addition to a broad request for comments, the RFI also included 54 different questions which address a range of topics including:
- A patient’s right to access their protected health information;
- Timeframes for responding to information requests;
- Potential exceptions to the minimum necessary disclosure requirements;
- Promoting parental and caregiver involvement in care; and
- Expanding health care clearinghouses access to protected health information.
This RFI indicates a potential substantial overhaul of HIPAA, with a particular emphasis on HIPAA’s Privacy Rule. Public comments are due by February 11, 2019 through the Federal eRulemaking Portal or via mail.