Information Sharing, Privacy Rule Changes: Essential HIPAA Updates

By Rae Steinbach, freelance writer

Anyone paying attention to HIPAA updates may have noticed that making changes to regulations can take time. Although some expected updates to be enacted in 2018, this did not occur.

That doesn’t mean there won’t be any updates in 2019. In December 2018, the Office for Civil Rights (OCR) requested feedback from covered entities in order to learn which current rules may be preventing them from delivering the strongest and most efficient healthcare they can. Traditionally, breaches of doctor-patient confidentiality could result in a case from a personal injury lawyer. This is why it’s important to learn what is going on with HIPAA in 2019. However, the main goal of OCR requesting feedback was to identify the ways that new updates can facilitate data sharing and coordination between separate entities.

After collecting feedback, OCR is now in the process of reviewing suggestions and responses. While there is currently no set date for new regulations being enacted, this indicates some changes are likely to be made within the year.

Those changes are most likely to impact the HIPAA Privacy Rule. For instance, in order to promote coordination, it’s possible OCR may loosen certain disclosure restrictions that make it difficult for entities to share protected health information (PHI) without first getting proper authorization from patients. Instead of merely allowing data sharing between providers, OCR is currently determining whether it would be more productive to make data sharing mandatory.

However, not all entities are onboard with this plan. American Hospital Association and the American Medical Association have both expressed opposition to this change. Additionally, these organizations would not like to see the timescale for responding to patient medical record requests shortened.

Another significant topic of discussion at OCR is the opioid crisis. Although current HIPAA regulations technically allow providers to disclose relevant PHI to patients’ loved ones in emergencies, or when they believe a patient may be in danger, misunderstandings regarding this issue still occur. Some believe changes to the Privacy Rule can guard against this kind of issue.

There’s also good reason to suspect the new changes will involve dropping the requirement that providers make good faith attempts to obtain written confirmation that patients have received a provider’s Notice of Privacy practices.

It’s also worth noting that, if current trends persist, enforcement of HIPAA regulations may become more common in the future. In 2018, HIPAA had a record year for enforcement. At HIMSS 2019, Roger Severino, Director of OCR, indicated that enforcement of patient access rights will continue to be a priority in the coming years. Currently, details about changes to enforcement are unclear, but it appears that providers who fail to deliver requested records in a timely manner, deny patients access to their records, or overcharge patients for services will end up facing financial penalties.

It’s important to understand that the slow process of updating regulations could postpone the changes until 2020. Regardless, any provider or covered entity should stay abreast of all updates. Knowing how regulations are changing is key to remaining in full compliance.



By freelance writer Rae Steinbach. Rae is a graduate of Tufts University with a combined International Relations and Chinese degree. After spending time living and working abroad in China, she returned to NYC to pursue her career and continue curating quality content.

Related reading

Security in RFPs in healthcare IT
Articles | Enterprise imaging | Breast imaging | Cardiology imaging | Digital pathology | Enterprise platform | Orthopaedics | Radiology imaging | Share and collaborate