Hospitals & Health Systems

Exchange Services

Exchange Connector

Audit Manager

Institutional Audit Monitor

Professional Audit Monitor

Ambulatory and Physicians

Exchange Services

Audit Manager

Polaris MIPS Reporting

Exchange Forms Service

Accountable Care Organizations (ACO) Capabilities


Health Plan Capabilities

Preparing for HIPAA Changes in IT, HIM, Compliance and Privacy

June 29, 2021
MRO Privacy

In a recent HIMSS TV interview with Bill Siwicki, Features Editor, Healthcare IT News, I had an opportunity to discuss the potential impact of new HIPAA privacy rules on healthcare provider organizations. The proposed changes are intended to improve patient access to protected health information (PHI) and promote compliant interoperability.

Current HIPAA Privacy Rules versus Proposed New Rules

The transition from the old HIPAA Privacy rule to the new proposed rule turns HIPAA upside down. The Omnibus Final Rule, the most recent addition to HIPAA, was passed in 2013 to strengthen the protection of protected health information, especially in electronic form, and give patients more access to their PHI. However, the proposed new rules have led to conflict due to lack of alignment with interoperability.

In MRO’s response to the Notice of Proposed Rule Making (NPRM) request for comment, we emphasized the need for proper protection of information balanced with the patient’s right to their information. Patients need to understand that when a request is directed to a third or fourth party, that party might not assume the same responsibility as a covered entity or business associate to protect the information. Patient awareness of this lack of obligation is critical to ensuring the privacy and security of their PHI.

Gaps in Interoperability 

From my perspective, the biggest gap in 2021 is the lack of a consistent description of an electronic designated record set. As we evolve over time, any electronic health information should be made available to the patient, and it is important to clarify what that means.

One option under consideration is the United States Core Data for Interoperability (USCDI), a standardized set of health data classes and constituent data elements for nationwide, interoperable health information exchange. In addition, HIMSS, CHIME, AHIMA and others are working collectively to suggest core content for the designated record set, which will help establish consistency across facilities and support interoperability.

Operational Impact of New Rules on HIM, IT, Compliance and Privacy 

We hope that the comments submitted regarding the NPRM averted some issues that might have occurred had the proposed rules come to fruition as written. For example, the interoperability rule states that fees can be charged for providing information when manual effort is required, which will cause confusion. Do you set limits, or do you share all information?

It is important to give interoperability time to mature over the next several years. If patients can easily obtain their information and download it to another device, is there really a need for an update to the HIPAA privacy rules? Perhaps not. Quite a few larger provider organizations have indicated that they do not think the proposed changes are necessary. Once interoperability is fully achieved, the suggestions in the NPRM are not needed. As we continue to monitor forward movement based on responses to the NPRM, we will watch and see what happens.

To watch the full HIMSS TV interview, click here.

Newsletter Sign-Up

Recent Posts

Elevate Your Quality Scores: A Guide to Maximize MIPS/MVP in 2024

Elevate Your Quality Scores: A Guide to Maximize MIPS/MVP in 2024

As the healthcare landscape continues to evolve, so do the challenges and opportunities presented by CMS’ Quality Payment Program (QPP). Since its inception in 2017, QPP has become increasingly complex, making it harder for providers to avoid penalties and maximize...

Choosing the Right QPP Reporting Method for MSSP ACOs in 2025

Choosing the Right QPP Reporting Method for MSSP ACOs in 2025

Navigating the Shift: Transitioning from CMS Web Interface to APP As the 2024 performance year ends, MSSP ACOs (Medicare Shared Savings Program Accountable Care Organizations) are bracing for new reporting obligations under the Quality Payment Program (QPP). The...