The Department of Health and Human Services’ Office of Civil Rights has issued a Notice of Proposed Rulemaking that would amend the Health Insurance Portability and Accountability (HIPAA) Act’s Privacy Rule to, among other things, reduce the regulatory burden on the healthcare industry.
HIPAA’s Privacy Rule protects the privacy and security of individuals’ medical records and other protected health information while it is maintained or transmitted on or behalf of HIPAA covered entities.
The proposed rule would. among other provisions:
- Add definitions for the terms electronic health record (EHR) and personal health application
- Strengthen individuals’ rights to inspect their PHI in person
- Shorten covered entities’ required response time to no later than 15 calendar days
- Reduce the identity verification burden on individuals exercising their access rights
- Create an exception to the “minimum necessary” standard for individual level care coordination and case management uses and disclosures
- Replace the privacy standard that permits covered entities to make certain uses and disclosures of PHI based on their “professional judgment” with a standard permitting such uses or disclosures based on a covered entity’s good faith belief that the use or disclosure is in the best interests of the individual
“Our proposed changes to the HIPAA Privacy Rule will break down barriers that have stood in the way of commonsense care coordination and value-based arrangements for far too long,” said HHS Secretary Alex Azar in a statement. “As part of our broader efforts to reform regulations that impede care coordination, these proposed reforms will reduce burdens on providers and empower patients and their families to secure better health.”
Comments about the proposed rule are being accepted for 60 days and may be submitted by going to www.regulations.gov and searching for Docket ID number HHS-OCR-0945-AA00.