The U.S. Department of Health and Human Services has proposed changes to the Health Insurance Portability and Accountability Act Privacy Rule. If enacted, these would be the biggest changes to HIPAA in the last seven years, Randi Seigel, partner at law firm Manatt Health, said in an email.
The proposed changes, issued by HHS’ Office for Civil Rights, aim to improve information sharing for care coordination, strengthen individuals’ engagement in their care and reduce administrative burdens on providers and payers. But some of the most impactful provisions of the proposed changes may also be the most controversial, Seigel said.
Key provisions include allowing HIPAA-covered entities to disclose personal health information to social services agencies, community-based organizations and other third parties that provide health-related services.
“This is a significant change from a healthcare data-sharing perspective,” Seigel said. “These social service agencies are not covered entities and therefore, they are not subject to HIPAA, and the personal health information they receive is not protected by HIPAA. Healthcare providers and plans, as well as individuals, may be concerned regarding whether sharing this information could actually negatively impact an individual, or even cause them to lose social services, such as housing.”
Seigel expects a lot of stakeholder comments regarding this change. Public comments will be due within 60 days after the proposed changes are published in the Federal Register.
Another key change that has been proposed involves replacing the privacy standard that allows covered entities to make certain uses and disclosures of personal health information based on their “professional judgment.” The new standard would permit such uses or disclosures based on the covered entity’s “good faith belief” that it is in the best interest of an individual.
“[The proposed change] is more flexible than the current standard,” said Reece Hirsch, co-head of law firm Morgan Lewis’ privacy and cybersecurity practice, via email. “And it would have a wide-ranging impact on many common situations, such as when a hospital is deciding whether to share medical information with family members or designated contacts during a health emergency.”
However, the presumption of an entity’s good faith “might be overcome with evidence of bad faith,” the HHS document states.
Overall, Hirsch believes that the healthcare industry will welcome the changes, but certain new standards will require further clarification and could create some uncertainty for covered entities.
Seigel shared a similar sentiment. Though some provisions — such as those that aim to reduce the risks of violating HIPAA when sharing information with health plans, family members and social service agencies — will be viewed favorably by covered healthcare entities, the changes also impose new administrative burdens, she said. For example, the proposed changes require covered entities to respond to patient access requests within 15 calendar days, versus the current timeline of 30 days.
“Additionally, the providers should change their HIPAA policies, procedures, workflows, and notice of privacy practices significantly if these proposed rules are enacted,” she said.