Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), issued a Request for Information (RFI) seeking input from the public on how the Health Insurance Portability and Accountability Act (HIPAA) Rules, especially the HIPAA Privacy Rule, could be modified to further the HHS Secretary’s goal of promoting coordinated, value-based healthcare. This RFI is a part of the Regulatory Sprint to Coordinated Care, an initiative led by Deputy Secretary Eric Hargan.
HHS developed the HIPAA Rules to protect individuals’ health information privacy and security interests, while permitting information sharing needed for important purposes. However, in recent years, OCR has heard calls to revisit aspects of the Rules that may limit or discourage information sharing needed for coordinated care or to facilitate the transformation to value-based health care. The RFI requests information on any provisions of the HIPAA Rules that may present obstacles to these goals without meaningfully contributing to the privacy and security of protected health information (PHI) and/or patients’ ability to exercise their rights with respect to their PHI.
“This RFI is another crucial step in our Regulatory Sprint to Coordinated Care, which is taking a close look at how regulations like HIPAA can be fine-tuned to incentivize care coordination and improve patient care, while ensuring that we fulfill HIPAA’s promise to protect privacy and security,” said Deputy Secretary Hargan. “In addressing the opioid crisis, we’ve heard stories about how the Privacy Rule can get in the way of patients and families getting the help they need. We’ve also heard how the Rule may impede other forms of care coordination that can drive value. I look forward to hearing from the public on potential improvements to HIPAA, while maintaining the important safeguards for patients’ health information.”
“We are looking for candid feedback about how the existing HIPAA regulations are working in the real world and how we can improve them,” said OCR Director Roger Severino. “We are committed to pursuing the changes needed to improve quality of care and eliminate undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information.”
In addition to requesting broad input on the HIPAA Rules, the RFI also seeks comments on specific areas of the HIPAA Privacy Rule, including:
- Encouraging information-sharing for treatment and care coordination
- Facilitating parental involvement in care
- Addressing the opioid crisis and serious mental illness
- Accounting for disclosures of PHI for treatment, payment, and health care operations as required by the HITECH Act
- Changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices
Public comments on the RFI will be due by February 11, 2019. The RFI may be downloaded from the Federal Register at: https://www.federalregister.gov/public-inspection/