Proposed Changes to the HIPAA Privacy Rule

HIPAA
January 26, 2021
Just in the last month of the year, there have been a few changes proposed to the standards of HIPAA by the Trump Administration as well as the HHS’ Office for Civil Rights. Here are all the details on that:

Proposed Changes to the HIPAA Privacy Rule 

Just in the last month of the year, there have been a few changes proposed to the standards of HIPAA by the Trump Administration as well as the HHS’ Office for Civil Rights. The HHS issued an NPRM (Notice of Proposed Rule making) regarding these potential changes, which are all a part of its “Regulatory Sprint to Coordinated Care.” These potential changes are part of a new initiative that aims to take steps towards removing any unnecessary barriers to providing care or managing the administrative aspects of the healthcare industry. 

The central goal and intent behind the proposed updates to the HIPAA Privacy Rule are to increase the efficiency and effectiveness of the healthcare system by improving the process of patients accessing their own health information upon request, without providing additional strain or weight on the healthcare professionals themselves. 

Goals of the Proposed Changes 

Following in line with the Right of Access Initiative that the HHS has been working on enforcing throughout all of 2020, the proposed changes to the HIPAA Privacy Rule include providing individuals with created access to their own protected health information (PHI). In doing so, this will encourage easier involvement of family or caretakers who may need to access PHI on behalf of someone during a crisis or emergency. Although the access for individuals and caregivers will increase, this regulatory sprint should also help to relieve some of the administrative burdens that fall on covered entities and health insurance plans. 

Details About These Changes

Whenever changes are proposed to a law that has as widespread impact as HIPAA does, there tends to be some concern over the details of the changes and how that will affect employee’s day today. Here are a few things that you need to know: 

Increased Options for Patients to Access Own PHI 

One of the key motivations behind planning and suggesting these changes to the HIPAA Privacy Rule is to increase each individual’s ability to view and access their health records or other forms of PHI. They intend to accomplish this by allowing additional options for patients to reach their information - whether that is through being able to take notes or even snap pictures of their PHI. More details on what this will look like will be seen as time passes. 

Covered Entity Response Time Window Shortened 

The timeframe in which the HIPAA-covered entities must fulfill a request from an individual seeking their information has always been 30-day response time. However, one of the main proposed changes would cut this window of time in half - requiring the organization to deliver the requested health record or PHI to the individual within 15 days from the request. 

Updates on Fee Structure for PHI Requests 

Currently, the Privacy Rule does set out limitations on the max price that a covered entity can charge for fulfilling the request for copies of PHI. This standard currently only allows these organizations to cover the cost that they incur in creating a copy of the information. However, with the proposed updates to the Privacy Rule, more detail will be given on what fee structure should be implemented. With the updates, the situations are separated into two groups - half of which must be free and the other half which can continue to be charged at a low cost-based fee. 

For the first of these groups, it will be mandated that individuals can view their PHI in person or submit and received a request for electronic copies online entirely for free. In terms of the actions and requests that can be charged at a reasonable price are those for requesting and receiving a non-electric PHI copy, obtaining electronic PHI through a non-internet procedure, or wanting to re-direct your electronic PHI copy to a third party. Ideally, this structure will allow for more clarity and consistency when fulfilling all forms of PHI requests. 

Viewable Access Request Fee Chart 

In the spirit of transparency and mobility of PHI and health records between covered entities and patients, one of the proposed changes to the Privacy Rule would require organizations to post their estimated fee chart. This guide of the estimated fee amounts for PHI access and disclosure will eliminate any chance for confusion and allow patients to plan ahead on the cost before request copies of PHI. 

Streamlined Request Completion Process 

The most direct way to help relieve some burden on the admin side, while still helping to provide faster and more efficient PHI request fulfillment, is to streamline the entire process. This will likely look like simplifying and coordinating the form and format for PHI requests and the responses to those requests. The more of a structured system that can be established in organizations that regularly field these requests, the more prompt they can be fulfilled. 

Compliance Managment Full Hexagon logo

Expert compliance support, on-demand

Accountable Compliance Success Managers are dedicated to making sure your company is fully compliant as we guide you step-by-step through the process of achieving HIPAA compliance.
chevron left
Expert guidance
chevron left
Build trust
chevron left
Dedicated Compliance Success Managers
chevron left
HIPAA Training
chevron left
Decrease risk
chevron left
Close more deals