If You Have Suggestions for Improving the HIPAA Privacy or Security Rule, Now Is the Time to Speak Up
On December 14, 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) published a Request for Information (RFI) about ways to modify the HIPAA Privacy and Security Rulesto promote the transition of the health care industry to a value-based Medicare payment model and improve care coordination for patients. See “Request for Information on Modifying HIPAA Rules to Improve Coordinated Care,” 83 FR 64302 Page:64302-64310. OCR will accept responses to the RFI until February 12, 2019.
OCR seeks information about four broad topics, but also welcomes information about other aspects of the HIPAA Privacy and Security Rules that may have proven burdensome or ineffective for HIPAA Covered Entities (e.g. health care providers that transmit data electronically in connection with a HIPAA standard financial or administrative transaction, health plans, and health care clearinghouses). The specific topics are:
One area that HIPAA Covered Entities may wish to raise with OCR is pre-emption of state law. As currently structured, HIPAA establishes a minimum floor of privacy protection, but states can enforce stricter standards. It is often difficult to determine whether a state privacy law or HIPAA controls. This is a particular problem with mental health, HIV/AIDs, and genetic information which often receives heightened protection via state laws. OCR could significantly decrease the burden on Covered Entities by clarifying pre-emption in a more robust way than is presently available in its regulations or secondary guidance.
Whatever your concerns about the HIPAA Privacy or Security Rule, do not miss your chance to make them known to OCR. They appear ready to entertain all suggestions to reduce burden while still protecting individual privacy and security.
To sign up for Dykema’s Health Care Blog e-mail updates, pleaseclick here.
45 CFR Parts 160 and Part 164 subparts C and E.
- HHS and HSSC Release New Cybersecurity Practices for the Health Care Industry
- OCR Issues Request for Information on Potential Changes to HIPAA Rules
- New Pharmacist's Guidelines for Advertisement in Brazil
- New Kickback Law Targeting Opioid Treatment Facilities Could Affect Traditional Lab Arrangements
WSG Member: Please login to add your comment.