Understanding the Proposed HIPAA Privacy Rule Updates: Enhancing Patient Rights and Data Access

The Health Insurance Portability and Accountability Act (HIPAA) plays a vital role in safeguarding patient privacy by securing protected health information (PHI). 

The Department of Health and Human Services (HHS) has proposed several updates to the HIPAA Privacy Rule to adapt to the evolving healthcare.

The aim behind these updates is to 

• Empower patients
• Streamline data access
• Ensure appropriate PHI use and disclosure

Let's explore the key changes that are being proposed and their potential impact on patients and covered entities.

1. Patient Inspection and Access

One of the main updates is that the patients can inspect their PHI and takes photographs or notes if they wish to.

This provision empowers individuals by giving them a more active role in 

• Managing their health information
• Promoting transparency
• Fostering informed decision-making

2. Expedited Access to PHI

The proposed update aims to reduce the maximum response time frame to expedite PHI access.

The providers will have to respond within 15 days to the access request which is half the time frame from the current one.

This change will encourage prompt decision-making and high patient engagement with timely access to PHI.

3. EHRs and Personal Health Applications

The proposed update restricts the ePHI transfer to a third party.

It will only be maintained in an EHR.

If requested, the patients will have the right to share their ePHI with personal health applications.

With this change, the use of health apps will grow and patients will be empowered to manage and integrate their health information.

4. Cost and Accessibility

The updated rule emphasizes that individuals should be provided with ePHI without charge under certain circumstances.

Additionally, covered entities will be required to inform individuals of their right to obtain or direct copies of their PHI to a third party when a summary of PHI is offered instead of a copy. 

These changes aim to 

• Enhance accessibility
• Reduce barriers
• Ensure individuals have control over their health information

5. Expanded Use and Disclosure Criteria

The proposed updates expand the ability of covered entities to disclose PHI to avert a threat to health or safety when harm is "seriously and reasonably foreseeable." 

This change broadens the circumstances under which PHI may be shared, prioritizing the safety and well-being of individuals.

6. Data Sharing and Coordination

The updated rule establishes a pathway for individuals to direct the sharing of their PHI maintained in an EHR among covered entities. 

This provision promotes interoperability and care coordination, enabling healthcare providers to deliver comprehensive and efficient services while ensuring patient privacy.

7. Notice of Fee Schedules and Privacy Practices

Covered entities will no longer be required to obtain a written acknowledgment from individuals for receiving a Notice of Privacy Practices. 

Furthermore, HIPAA-covered entities will be required to post estimated fee schedules for PHI access and disclosures on their websites and provide individualized fee estimates for copies of PHI. 

These changes promote transparency and help individuals understand the potential costs associated with accessing their health information.

8. Broadened Definitions and Exceptions

The updated rule broadens the definition of healthcare operations to include care coordination and case management. 

This expansion recognizes the importance of these activities in delivering comprehensive care. 

Additionally, covered entities will be required to respond to records requests from other covered entities when individuals exercise their right of access. 

This ensures seamless data exchange and promotes continuity of care.

As the proposed HIPAA changes bring several benefits to the patients, they pose challenges for the covered entities.

Compliance with the new regulations will require a careful and thorough review of existing policies and procedures. 

For seamless data access and secure sharing, the covered entities will be required to make necessary updates to their technology systems.

Covered entities will need to implement robust security measures to protect patient information while facilitating the increased access and sharing of PHI.

It's important to note that these updates are still in the proposal stage and subject to potential revisions. 

Covered entities and stakeholders will have the opportunity to provide feedback during the public comment period, ensuring that the final rule strikes the right balance between patient rights and privacy protection.

Are Your Healthcare Systems Ready for the Changing Healthcare Regulations?

The need for healthcare IT to be compliant with the regulations is one of the most crucial things in the healthcare industry.

With the changing rules, you will have to ensure that your healthcare IT is ready for the upcoming updates in the healthcare regulations.

If they’re not ready then, don’t worry. We’ve got your back.

We’re a local Canadian healthcare IT company.

We’ve successfully delivered 60+ projects in the last 8+ years.

With our experience of working dedicatedly for the healthcare industry, we can proudly say that we’ve understood and decoded all the healthcare regulations. 

If you have any difficulty in updating your healthcare systems, then fill out the form below, and let’s discuss how we can help you solve them.