July 23, 2019

July 23, 2019

Subscribe to Latest Legal News and Analysis

July 22, 2019

Subscribe to Latest Legal News and Analysis

OCR Requests Comments on Ways to Modify HIPAA

On December 14, 2018 the Department of Health and Human Services, Office for Civil Rights (“OCR”) formally issued a Request For Information (“RFI”) seeking public input on “ways to modify the HIPAA Rules to remove regulatory obstacles and decrease regulatory burdens in order to facilitate efficient care coordination and/or case management and to promote the transformation to value-based healthcare, while preserving the privacy and security of PHI.”  OCR is seeking comments for a series of 54 different specific questions (many with additional subparts) corresponding to the following five major topic areas:  (1) the promotion of information sharing for treatment and care coordination; (2) the promotion of parental and caregiver involvement in addressing the opioid crisis and serious mental illness; (3) additional ways to remove regulatory obstacles and burdens to facilitate care coordination and promote value-based health care; (4) an effective means to implement the accounting of disclosures requirement of the HITECH Act; and (5) Notice of Privacy Practices operational practices.

While some of the questions ask for factual information (such as the typical time it takes a covered entity to transfer PHI to another covered entity), many of the questions raise larger policy issues.  For example, the RFI includes a series of questions on whether it would make sense to have health care clearinghouses play a much more direct role in providing information to individuals, whether health care clearinghouses should be treated only as covered entities, and if so, could other covered entities impose contractual obligations on the health care clearinghouses to protect PHI without the use of a business associate agreement.  Similarly, the RFI includes multiple questions on whether the OCR could amend the Privacy Rule to allow for better coordination for patients suffering from a substance abuse disorder or serious mental illness, and how such changes might interact with current state privacy laws and 42 CFR Part 2 that would otherwise prohibit the sharing of such information.

From an operational perspective, the RFI requests comments on how to effectively implement the HITECH Act requirement to provide an accounting of all disclosures made through an electronic health record and whether requiring providers to make a good faith effort to obtain written acknowledgement from a patient that they have received a Notice of Privacy Practices places an unnecessary burden on providers, and perhaps inadvertently confuses patients.

OCR is requesting comments to the elucidated questions on or before February 12, 2019.

©2019 Epstein Becker & Green, P.C. All rights reserved.

TRENDING LEGAL ANALYSIS


About this Author

Patricia M. Wagner, Epstein becker green, health care, life sciences
Member

PATRICIA M. WAGNER is a Member of the Firm in the Health Care and Life Sciences and Litigation practices, in the firm's Washington, DC, office. In 2014, Ms. Wagner was selected to the Washington DC Super Lawyers list in the area of Health Care.

Ms. Wagner's experience includes the following:

Advising clients on a variety of matters related to federal and state antitrust issues 

Representing clients in antitrust matters in front of the Federal Trade Commission and the United States Department of...

202-861-4182