HHS Requests Public Input on Modifying HIPAA

Jennifer Siegel
King & Spalding
Contact
LinkedIn
Facebook
X
Send
Embed

On December 14, 2018, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), issued a Request for Information (RFI), for assistance in identifying provisions of the Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations, that may discourage coordinated, value-based care.  The RFI is available here.

Regulations issued pursuant to HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, protect patients’ medical records and other protected health information (PHI), created by or on behalf of covered entities.  These regulations provide individuals rights with respect to their PHI, including the right to access their medical and billing records and receive notice of a healthcare provider’s privacy practices.  In addition, these regulations limit the circumstances under which covered entities may disclose PHI and provide requirements for how a covered entity must notify patients and OCR regarding breaches of PHI privacy.

OCR seeks public comment on the HIPAA regulations to reach four specific goals, including: (1) promoting information sharing for treatment and care coordination and management by amending privacy rules to encourage or require covered entities to disclose PHI to other covered entities; (2) encouraging covered entities, specifically providers, to share PHI with family members and caregivers of adults facing health emergencies, especially of patients struggling with opioid addictions; (3) implementing the HITECH Act requirement to include an accounting of disclosures for treatment, payment and health care operations from electronic health records in a manner that providers helpful information, while minimizing regulatory burdens; and (4) eliminating or modifying the requirement for covered health care providers to make a good faith effort to obtain individuals’ written acknowledgment of receipt of providers’ Notice of Privacy Practices, to reduce burden, without compromising transparency or an individual’s awareness of his or her rights.

In seeking insight from healthcare providers and the public in general, OCR has propounded numerous questions related to each goal.  Example questions include: 1) the length of time that healthcare providers are required to produce requested medical records; 2) whether covered entities should be required to disclose PHI when requested by another covered entity for treatment purposes; 3) whether parents or spouses should be allowed greater access to treatment information of children or spouses who have reached the age of majority; and 4) the amount of time that covered entities take to respond to an individual’s request for an accounting of disclosures.  OCR further requests that the public provide information regarding any relevant state, or other law, containing standards that differ from existing HIPAA requirements.

Comments on the RFI are due by February 11, 2019.  All submissions received must include “Department of Health and Human Services, Office for Civil Rights RIN 0945-AA00.”

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide