Last year, the US Department of Health and Human Services (HHS) proposed a quantity of alterations that would modify the HIPAA Privacy Rule. The comment period closed in May 2021. The revised rule is anticipated to be finalized this year.
“While there were quite a few changes proposed, we don’t know yet which ones will be finalized,” mentioned Madison Pool, an lawyer in Arnall Golden Gregory’s Healthcare practice and a member of the firm’s Hospitals & Health Systems sector group in Atlanta, Georgia. “However, a few of the proposed areas for changes that could have direct operational impacts include shortening the timeframe for responding to patient requests for records, increasing responsibility for facilitating patient record requests, and changes to the Notice of Privacy Practices.”
The anticipated alterations in the proposed rule will need revision of HIPAA policies, types, and processes. It would necessitate a reevaluation and probable revision to business associate agreements, particularly with regard to patient rights provisions. Health care employees will be expected to undergo education to implement the alterations. “Although there will be a period of time between when the final rule is issued and compliance is required, it will be important to get started quickly on updates,” Pool mentioned.
Daniel Lebovic, a regulatory lawyer at Compliancy Group, a Long Island, New York-primarily based organization devoted to simplifying HIPAA compliance for the entities that HIPAA regulates, mentioned some of the anticipated alterations may possibly contain permitting patients to inspect their PHI in individual and to take notes or photographs of their PHI. Another possible alter tends to make it simpler for patients to access these health-related records that are accessible to them absolutely free of charge. This alter would need providers to inform patients of the situations in which they can receive their records without having getting charged for the details. The proposed alterations also improve patients’ capability to obtain copies of their overall health details on electronic devices. Under one particular proposed alter, a patient may possibly direct that a provider send the patient’s electronic protected overall health details straight to a individual overall health app, such as FitBit or AppleHealth, Lebovic mentioned.
Another anticipated alter is expansion of the armed forces’ permission to use or disclose PHI to all uniformed services. Lebovic mentioned providers may possibly be expected to post estimated charge schedules on their sites for PHI access and disclosures. He mentioned these and other alterations are anticipated, but clinicians ought to have lots of time to update their operating systems. “It should be noted that HHS is usually fairly generous in allowing ample time to come into full compliance with regulatory changes, especially when they involve potential changes to technology assets,” Lebovic mentioned.
Laura Miller Andrew, senior counsel in the Executive Compensation and Employee Benefits and Health Care Practices of Smith, Gambrell & Russell, LLP, also in Atlanta, mentioned it has been 8 years given that any important alterations have been created in HIPAA. The COVID-19 pandemic has fundamentally altered the planet and health-related remedy. She mentioned the short-term easing of HIPAA compliance guidelines, such as these for telemedicine, neighborhood-primarily based COVID-19 testing and vaccination web sites, and disclosure of details for public overall health and oversight, will stay in spot through the pandemic. Medical practitioners ought to not be complacent, on the other hand, as OCR is anticipated to finalize the proposed alterations to the HIPAA Privacy Rule in the next 6 to 9 months. The new HIPAA privacy updates are an try to help worth-primarily based overall health care and permit for coordinated care, mentioned Andrew, who performs out of each Atlanta and Jacksonville, Florida. This transparency will need physicians to take a appear at their back workplace practices for handling protected overall health details, she mentioned.
Cybersecurity and data breaches related with electronic PHI are a increasing concern for physicians, she noted. At the similar time, the proposed HIPAA updates would need physicians to provide patients with faster access to their personal PHI. “This requirement may cause providers to possibly revamp or update their PHI access process to accommodate this more immediate access. HIPAA policies and procedures will also need to be updated to comply with the changes and communicated to both the medical staff and to patients,” Andrew mentioned.
This report initially appeared on Renal and Urology News