Hospitals & Health Systems

Release Exchange

Payer Exchange
Audit Manager
Institutional Audit Manager

Professional Audit Manager

Ambulatory and Physicians

Release Exchange

Audit Manager

MIPS Reporting

Clinical Forms Exchange

Accountable Care Organizations (ACO) Capabilities

Medical Specialty Societies & Registry Capabilities

Health Plan Capabilities

Preparing for HIPAA Changes in IT, HIM, Compliance and Privacy

June 29, 2021
MRO Privacy

In a recent HIMSS TV interview with Bill Siwicki, Features Editor, Healthcare IT News, I had an opportunity to discuss the potential impact of new HIPAA privacy rules on healthcare provider organizations. The proposed changes are intended to improve patient access to protected health information (PHI) and promote compliant interoperability.

Current HIPAA Privacy Rules versus Proposed New Rules

The transition from the old HIPAA Privacy rule to the new proposed rule turns HIPAA upside down. The Omnibus Final Rule, the most recent addition to HIPAA, was passed in 2013 to strengthen the protection of protected health information, especially in electronic form, and give patients more access to their PHI. However, the proposed new rules have led to conflict due to lack of alignment with interoperability.

In MRO’s response to the Notice of Proposed Rule Making (NPRM) request for comment, we emphasized the need for proper protection of information balanced with the patient’s right to their information. Patients need to understand that when a request is directed to a third or fourth party, that party might not assume the same responsibility as a covered entity or business associate to protect the information. Patient awareness of this lack of obligation is critical to ensuring the privacy and security of their PHI.

Gaps in Interoperability 

From my perspective, the biggest gap in 2021 is the lack of a consistent description of an electronic designated record set. As we evolve over time, any electronic health information should be made available to the patient, and it is important to clarify what that means.

One option under consideration is the United States Core Data for Interoperability (USCDI), a standardized set of health data classes and constituent data elements for nationwide, interoperable health information exchange. In addition, HIMSS, CHIME, AHIMA and others are working collectively to suggest core content for the designated record set, which will help establish consistency across facilities and support interoperability.

Operational Impact of New Rules on HIM, IT, Compliance and Privacy 

We hope that the comments submitted regarding the NPRM averted some issues that might have occurred had the proposed rules come to fruition as written. For example, the interoperability rule states that fees can be charged for providing information when manual effort is required, which will cause confusion. Do you set limits, or do you share all information?

It is important to give interoperability time to mature over the next several years. If patients can easily obtain their information and download it to another device, is there really a need for an update to the HIPAA privacy rules? Perhaps not. Quite a few larger provider organizations have indicated that they do not think the proposed changes are necessary. Once interoperability is fully achieved, the suggestions in the NPRM are not needed. As we continue to monitor forward movement based on responses to the NPRM, we will watch and see what happens.

To watch the full HIMSS TV interview, click here.

Newsletter Sign-Up

Recent Posts

Using Automation to Improve Payer Collaboration: On Air Insights

Using Automation to Improve Payer Collaboration: On Air Insights

Managing laborious payer processes is one of the most cumbersome operational challenges for hospitals and health systems. From initial claim submission to filling additional documentation requests, and responding to payer audits or denials, healthcare provider...

ACOs prepare for eCQM quality reporting

ACOs prepare for eCQM quality reporting

A New Frontier: ACOs and the Shift to Electronic Clinical Quality Measures Healthcare quality reporting is evolving, and accountable care organizations (ACOs) are at the forefront of this change. In 2025, ACOs will be required to shift from traditional quality...