OCR Seeks Public Comment on HIPAA Privacy Rule Impact on Coordinated Care, Possible Changes to Rules

If you’ve ever felt like the HIPAA Privacy Rule needs some work — or stands in your organization’s way of providing coordinated, value-based healthcare — then the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) wants to hear from you.

The OCR has issued a Request for Information (RFI) from the public on how they might modify the HIPAA Rules, and specifically the HIPAA Privacy Rule, as part of Deputy Secretary Eric Hargan’s Regulatory Sprint to Coordinated Care.

HIPAA Rules were originally developed to protect the privacy and security of individuals’ health information, with specific allowances for the sharing of information that’s essential to care. But the OCR has heard its fair share of requests to revisit certain aspects of the Rules. That would be areas where healthcare organizations and others in the industry feel the Rules make it too difficult to truly achieve coordinated or value-based health care.

The Regulatory Sprint to Coordinated Care takes “a close look at how regulations like HIPAA can be fine-tuned to incentivize care coordination and improve patient care while ensuring that we fulfill HIPAA’s promise to protect privacy and security,” said Hargan.

In addition to input on the HIPAA Rules in general, the RFI seeks comments on how HIPAA Privacy Rules impact:

  • Information-sharing for treatment and care coordination
  • Parental involvement in care
  • Ability to address the opioid crisis and mental health
  • Accounting for disclosures of PHI for treatment, payment, and healthcare operations, as required by the HITECH Act
  • The current requirement for certain providers to make good-faith efforts to obtain an acknowledgment of receipt of the Notice of Privacy Practices

“In addressing the opioid crisis, we’ve heard stories about how the Privacy Rule can get in the way of patients and families getting the help they need,” Hargan said. “We’ve also heard how the Rule may impede other forms of care coordination that can drive value.”

The OCR is hoping for candid feedback on how existing HIPAA regulations are working in the real world — and how the agency can improve these regulations to drive innovation and excellence in patient care.

“We are committed to pursuing the changes needed to improve quality of care and eliminate undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information,” said OCR director Roger Severino.

To share your story of how HIPAA Rules, and the HIPAA Privacy Rule, in particular, may present obstacles to coordinated and values-based healthcare — without meaningfully contributing to the privacy and security of protected health information and/or patients’ ability to exercise their rights with respect to their PHI — you can comment on the RFI by Feb. 12, 2019.