HHS proposes important changes to key aspects of HIPAA Privacy Rule
https://www.lexology.com/library/detail.aspx?
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the agency that enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA), is the latest federal agency to jump on the HHS rulemaking bandwagon issuing a Notice of Proposed Rulemaking (NPRM) on December 10, 2020, that proposes pivotal changes to key standards, definitions, and patient rights under the HIPAA Privacy Rule, which are geared toward promoting care coordination and value-based care, and empowering patients with greater access to their health information.
As we recently flagged, even amidst the chaos of a global pandemic, multiple HHS agencies, including the Office of the National Coordinator for Health Information Technology (ONC), the Centers for Medicare & Medicaid Services (CMS), and most recently, CMS and OIG, have focused their attention in 2020 on facilitating and enforcing patients’ rights to access their health information, encouraging interoperability among health information technology (IT) systems, prohibiting information blocking by key health industry stakeholders such as health care providers and health IT developers, and promoting value-based care. OCR’s NPRM is no different.
Most notably, the NPRM –
- Shortens response time for patient health record requests from 30 days to 15 days (with a 15 day extension under limited circumstances).
- Reduces identity verification burdens on patients (or their personal representatives) exercising a right under the Privacy Rule.
- Amends the definition of health care operations to permit disclosure of patient information for care coordination and case management activities, whether population-based or focused on particular individuals.
- Clarifies the minimum necessary standard with respect to care coordination and case management activities.
- Removes antiquated elements of Notice of Privacy Practices (NPP) requirements.
- Amends the permissible fee structure for responding to patient health record requests and requires covered entities to post estimated fees on their website for access and for disclosures with a patient’s authorization.
- Clarifies and facilitates family and caregiver involvement in the care of individuals experiencing emergencies or health crises.
If finalized, these proposals will require HIPAA-regulated entities to update their policies and procedures that impact daily business operations, train workforce members on updated processes, revise their Notice of Privacy Practices, renegotiate business associate agreements (BAAs) to comply with the new requirements, and coordinate compliance with the conglomerate of overlapping privacy, interoperability, information blocking, patient access, and value-based regulatory frameworks – each of which is actively transforming the way in which the health care industry shares patient information.
Further Reed Smith analysis on the NPRM is forthcoming, particularly with respect to the implications of the proposed changes on the value-based rulemakings and the new interoperability, information blocking, and patient access rules.
Filed under: General Problems
I noticed that all the my patient notes are now accessible to me in the past. When I asked about it, thinking it was a mistake, I was told that it was a change made when they put into action “The Cares Act”. Now, we can read everything your provider puts in your chart. Is that what this is partially about?
I know that our PCP office and the hospital system that owns them put the EPIC software system in the hospital and all the offices and there is a pt portal on the system and I have access to a lot more of my medical records than I use to had access to. EPIC software is apparently used by a lot of hospital system and if I have to go to a different hospital system that uses EPIC… I can give them permission to pull up my records. The more i use the system … the more I like it 🙂
What does all of this mean, Steve? Are they trying to speed up Red tape because the hospitals are overwhelmed?
– with much of the backlog coming from filings they must do to keep tire insurance companies on track, which was complex before this pandemic?
every law/rule/regulation can be subject to interpretation and/or challenged in the court system as to its constitutionality.