OCR Proposes Big Changes to HIPAA Privacy Rule

This week, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released proposed changes to the HIPAA Privacy Rule that would “break down barriers that have stood in the way of commonsense care coordination and value-based arrangements for far too long,” according HHS Secretary Alex Azar.

The Notice of Proposed Rulemaking (NPRM) aims to remove regulations that can hinder communication and data exchange between provider organizations and health plans. The agency says the proposed changes would expand individuals’ rights to access their own digital health information, boost information-sharing and case management across the care continuum, and enable greater family and caregiver involvement during emergencies or health crises.

The changes would also offer more flexibilities for disclosures in situations such as opioid overdoses and the COVID-19 public health emergency. The OCR would replace the privacy standard that permits HIPAA-covered entities to make some uses and disclosures of protected health information (PHI) based on “professional judgment” with a standard permitting such uses or disclosures based on that entity’s “good faith belief that the use or disclosure is in the best interests of the individual,” according to the proposed rule.

The new rule would also expand covered entities’ latitude for PHI disclosure when it’s meant to avert a “serious and reasonably foreseeable” risk to health or safety – as compared with the existing standard, which requires a “serious and imminent” threat.

Additionally, it is anticipated that a streamlined new rule would reduce administrative burdens on HIPAA-covered entities while continuing to protect patient privacy. HHS Deputy Secretary Eric Hargan said that the proposed changes support new ways for providers to innovate and coordinate care on behalf of patients, while ensuring that HIPAA’s promise of privacy and security is upheld.

The OCR is encouraging public comments over the next 60 days. The full NPRM is available here.

To better understand how these proposed changes might affect your organization, please contact the experts at PrivaPlan at 1-877-218-7707 or info@privaplan.com.

Related Posts

Access PrivaPlan Toolkit

Access CMA-PrivaPlan Toolkit

Sign up for updates

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.