HIPAA Enforcement Expectations and Updates for 2019

Obermayer Rebmann Maxwell & Hippel LLP
Contact

Summing up the results of the previous year, regulatory experts have noted that more than half of the businesses punished for HIPAA lapses in 2018 involved well-known big business entities making it a notable theme of the year. While some experts say that regulators may be relaxing the enforcement of the regulation, others remain confident that the Department of Health and Human Services (HHS) will be committed to a robust HIPAA enforcement in 2019.

To make predictions for the new year, experts are looking at the enforcement trends in the past few years, and 2018 in particular. On the one hand, the number of entities punished in 2018 looks less impressive compared to 2016, when the HHS’s Office of Civil Rights (OCR) announced 13 enforcement actions, collecting a record $23.5 million in settlements and fines. On the other hand, although year 2018 saw only 10 enforcement actions, the total payouts reached $25.7 million including the standout record-smashing $16 million settlement with Anthem, Inc. for data breach involving 79 million people. While the HHS OCR supports deregulation by Trump’s administration, experts are skeptical that OCR enforcement will slow down in the new year.  As was announced by the OCR Director Roger Severino in October 2018 at the 11th annual HIPAA conference by the National Institute of Standards and Technology, his statement made one year earlier that OCR was looking for “big, juicy, egregious” cases, allowed the federal agency to collect $45M in penalties in the period between January 2017 and October 2018. According to some experts, the 2018 enforcements targeting deep-pocketed healthcare entities confirmed the agency’s desire for big settlements. Others believe that sanctions against high-profile entities could be a mere coincidence and the tendency in 2018 showed that OCR’s enforcement strategies are changing. One thing is clear, some changes to HIPAA requirements are on the way. According to Severino, OCR is currently seeking to eliminate certain regulatory requirements that obstruct the provision of healthcare, and the agency is working hard to eliminate the burdens to allow providers to concentrate on patient treatment.

In mid-December of 2018, the HHS OCR requested public comments on potential changes to HIPAA regulations. The Request for Information (RFI) seeks public input on improving care coordination and reducing the regulatory burden. The effort is to get input from providers, patients and industry professionals on how to improve some of the administrative aspects of HIPAA. The main focus of the RFI is on HIPAA privacy rule which could be modified to promote coordinated, value-based healthcare by promoting information sharing for adults in healthcare emergencies. The OCR is concerned that current regulation “impedes the transformation to value-based health care, and limits or discourages coordinated care” without enhancing patient privacy. The agency is considering to require the sharing of protected health information (PHI) among health care providers, not simply allow it. Such mandatory, rather than permissive PHI sharing could potentially improve coordination of care, improve the value-based care of mental disorders and promote the fight against the opioid crisis. “We are looking for candid feedback about how the existing HIPAA regulations are working in the real world and how we can improve them,” said Severino. “We are committed to pursuing changes needed to improve quality of care and eliminate the undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information.” Public comments are due by February 11, 2019; the RFI is available at https://www.federalregister.gov/public-inspection/

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Obermayer Rebmann Maxwell & Hippel LLP | Attorney Advertising

Written by:

Obermayer Rebmann Maxwell & Hippel LLP
Contact
more
less

Obermayer Rebmann Maxwell & Hippel LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.