Preparing for HIPAA Changes in IT, HIM, Compliance and Privacy

June 29, 2021

In a recent HIMSS TV interview with Bill Siwicki, Features Editor, Healthcare IT News, I had an opportunity to discuss the potential impact of new HIPAA privacy rules on healthcare provider organizations. The proposed changes are intended to improve patient access to protected health information (PHI) and promote compliant interoperability.

Current HIPAA Privacy Rules versus Proposed New Rules

The transition from the old HIPAA Privacy rule to the new proposed rule turns HIPAA upside down. The Omnibus Final Rule, the most recent addition to HIPAA, was passed in 2013 to strengthen the protection of protected health information, especially in electronic form, and give patients more access to their PHI. However, the proposed new rules have led to conflict due to lack of alignment with interoperability.

In MRO’s response to the Notice of Proposed Rule Making (NPRM) request for comment, we emphasized the need for proper protection of information balanced with the patient’s right to their information. Patients need to understand that when a request is directed to a third or fourth party, that party might not assume the same responsibility as a covered entity or business associate to protect the information. Patient awareness of this lack of obligation is critical to ensuring the privacy and security of their PHI.

Gaps in Interoperability 

From my perspective, the biggest gap in 2021 is the lack of a consistent description of an electronic designated record set. As we evolve over time, any electronic health information should be made available to the patient, and it is important to clarify what that means.

One option under consideration is the United States Core Data for Interoperability (USCDI), a standardized set of health data classes and constituent data elements for nationwide, interoperable health information exchange. In addition, HIMSS, CHIME, AHIMA and others are working collectively to suggest core content for the designated record set, which will help establish consistency across facilities and support interoperability.

Operational Impact of New Rules on HIM, IT, Compliance and Privacy 

We hope that the comments submitted regarding the NPRM averted some issues that might have occurred had the proposed rules come to fruition as written. For example, the interoperability rule states that fees can be charged for providing information when manual effort is required, which will cause confusion. Do you set limits, or do you share all information?

It is important to give interoperability time to mature over the next several years. If patients can easily obtain their information and download it to another device, is there really a need for an update to the HIPAA privacy rules? Perhaps not. Quite a few larger provider organizations have indicated that they do not think the proposed changes are necessary. Once interoperability is fully achieved, the suggestions in the NPRM are not needed. As we continue to monitor forward movement based on responses to the NPRM, we will watch and see what happens.

To watch the full HIMSS TV interview, click here.

Newsletter Sign-Up

Recent Posts

Following the Medical Record: On-Air with Mo Weitnauer

Following the Medical Record: On-Air with Mo Weitnauer

​I recently sat down with MRO’s chief product officer, Mo Weitnauer, on our podcast show Follow the Medical Record. Mo and I discussed the world of clinical data exchange and its crucial role within the healthcare industry. We then chatted about the need for payers...

HFMA 2023: The Importance of Digitizing Requests

HFMA 2023: The Importance of Digitizing Requests

The HFMA 2023 Annual Conference wrapped up earlier this week at the Gaylord Opryland in Nashville, TN. Our team attended insightful presentations and had meaningful one-on-one conversations with attendees, all centered around cost-effective health. A common theme...

Innovation in Payer and Provider Data Exchange: On-Air Insights

Innovation in Payer and Provider Data Exchange: On-Air Insights

I recently had the pleasure of speaking with Beth Friedman, Senior Partner at FINN Partners, as a guest on the FINN Voices show on Healthcare NOW Radio. The topic was innovation in payer and provider data exchange. As we talked about the challenges between payers and...

Hospitals & Health Systems

Release Exchange

Payer Exchange
Audit Manager
Institutional Audit Manager

Professional Audit Manager

Ambulatory and Physicians

Release Exchange

Audit Manager

MIPS Reporting

Clinical Forms Exchange

Accountable Care Organizations (ACO) Capabilities

Medical Specialty Societies & Registry Capabilities

Health Plan Capabilities