Patient health information should be private and secure to protect information from being leaked or told to other people. However, there have been recent pushes for a change in the privacy rule to allow for greater access to patient information and coordinated treatment plans across various entities. Let’s see how this change can affect the healthcare industry – and whether it will be for better or worse.
HIPAA Privacy Rule Changes – How does this affect HIPAA law?
There has been a recent push for change in the HIPAA privacy rule. This rule is a subset of an important component of the overarching HIPAA regulations, a federal law that protects patient information from being leaked or unfairly told to other medical or non-medical professionals. By preventing those in the healthcare industry from leaking important and sensitive information, patients can ensure their privacy is respected while visiting doctor’s offices and undergoing their yearly checkups.
The HIPAA law, also known as the Health Insurance Portability and Accountability Act, is an important step in the protection of patients when it comes to medical professionals. Along with medical personnel not being able to unlawfully tell other people patient information without consent, this law also states that patients have the right to ask about getting more detailed information regarding their health status.
Within the HIPAA law, the privacy rule is a subset that refers to the punishment set forth if a healthcare entity does not follow the HIPAA regulations in keeping patient information private. In recent months, there has been a proposed change to this privacy rule – let’s see how this change can lead to coordinated care – or lead to a new and confusing rule.
The Office for Civil Rights at the Department of Health and Human Services issued a request for a change to the HIPAA privacy years ago, back in late 2018, to push the change to this long-standing rule. The organization released a new referendum called the Notice of Proposed Rulemaking to the public 2 years later, in December of 2020, and published the potentially new rule one year later in January of 2021.
Once the possible new rule was published in the Federal Register, the public took an interest in this change to the HIPAA Rule. The general public provided comments and concerns regarding the proposed law from March 22, 2021, to May 6, 2021.
Those who read and reviewed the ‘new’ privacy rule had both comments and concerns regarding the changes. The comments typically referred to the goals of the rules and the compliance that was required for the rule to succeed.
Some common comments on the proposed new rule included the following:
- People who read and review the proposed privacy rule agree with the goals of the Proposed Law, such as increasing the access of patient information and removing any obstacles that get in the way of coordination among health professionals.
- One negative comment that was common among readers of this Proposed Law included concern regarding the complicated framework that ensured HIPAA requirements, which were more dominant over other lawful concerns.
- Furthermore, the healthcare entities covered in the HIPAA law, such as healthcare plans, healthcare providers, and certain businesses, would face additional problems that could lead to potentially inconsistent enforcement of the new privacy rule.
Proposed Changes to the HIPAA Privacy Rule that could Change HIPAA Law
The proposed change to the privacy rule was meant to increase patient access to healthcare information and reduce any barriers that made it difficult to coordinate between different healthcare entities, allowing a more comprehensive plan and healthcare access. The main focal point of this rule focused on requiring the covered entities to update their current procedures, plans, security measures, notice of privacy practices, disclosure information, and business agreements to allow for a simpler way of obtaining health information.
The main changes that would affect the privacy rule included the following:
- Changes to the Notices of Privacy Practices – the new potential rule got rid of the requirement that an entity, such as a healthcare provider, needs a patient’s signature. Instead of requiring a signature or approval method, a patient has the right to discuss the details of the Notices of privacy practices with the healthcare provider in person to determine compliance. The proposed rule also would change the Notices of privacy practices to add information about the best ways patients can access their healthcare information, file a complaint, or contact healthcare personnel.
- Remove any hardships to coordinate healthcare – the proposed rule for changes to the HIPAA law also demands that healthcare personnel and healthcare providers can disclose personal health information to entities that work together for the patient’s overall health. These healthcare entities with patient information to properly work with and diagnose a patient include social services, community organizations, and home-based providers that need to treat a person’s coexisting conditions.
- Increased scope of the disclosure in case of emergencies – in the case of emergencies, the proposed rule states that healthcare providers and professionals can tell personal patient information to help fully treat and care for patients who have substance abuse problems, mental health concerns, and other immediate health emergencies that require treatment. More specifically, entities covered under the scope of HIPAA law are able to disclose patient health information if they are a threat to themselves or a threat to others.
- Increase patient access to their own health information – the new privacy rule under HIPAA law proposes that individuals have easier and greater access to their personal health information, allowing patients to take photos of their files, access their files from their own home, and use resources to view their health information when not in a healthcare setting. The proposed rule also states healthcare entities must provide patients with their health information no more than 15 days after requesting, instead of the current 30 days.
Changes to the HIPAA law and HIPAA privacy rule may broaden patient access to their healthcare information, allow for greater communication between healthcare industries, and provide a more comprehensive treatment plan for all patients.