Trump administration seeks public feedback on how to fix HIPAA privacy rules

HIPAA document
The request for information is part of the "Regulatory Sprint to Coordinated Care," an initiative led by HHS Deputy Secretary Eric Hargan. (Getty/designer491)

Among regulations in healthcare, perhaps none is more well known—or loathed—than HIPAA.

Now, the Department of Health and Human Services said they want to hear from the public about how to fix what are officially known as the Health Insurance Portability and Accountability Act (HIPAA) rules.

Specifically, they are looking for feedback on how to reform the HIPAA Privacy Rule to remove barriers to organizations trying to share data in an attempt to improve healthcare delivery. 


2019 Drug Pricing and Reimbursement Stakeholder Summit

Given federal and state pricing requirements arising, press releases from industry leading pharma companies, and the new Drug Transparency Act, it is important to stay ahead of news headlines and anticipated requirements in order to hit company profit targets, maintain value to patients and promote strong, multi-beneficial relationships with manufacturers, providers, payers, and all other stakeholders within the pricing landscape. This conference will provide a platform to encourage a dialogue among such stakeholders in the pricing and reimbursement space so that they can receive a current state of the union regarding regulatory changes while providing actionable insights in anticipation of the future.

For example, the agency has heard that during the opioid crisis, the privacy rule blocked patients and families from getting needed help. 

“We are looking for candid feedback about how the existing HIPAA regulations are working in the real world and how we can improve them,” said Office for Civil Rights Director Roger Severino in a statement. “We are committed to pursuing the changes needed to improve quality of care and eliminate undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information.”

RELATED: HIPAA compliance means marriage between security, privacy officers

HIPAA originally passed into law in 1996 and was aimed at providing privacy and security for patients health information while allowing information to be shared as needed. And it has risen in prominence in recent years with a rash of high-profile breaches of patient health information among IT companies and health systems.

Amid the broader shift underway from fee-for-service to value-based, coordinated care, the OCR said it has been fielding a growing number of calls to revisit the rules that can limit or discourage information needed to make that shift possible. 

The request for information is part of the "Regulatory Sprint to Coordinated Care," an initiative led by Deputy Secretary Eric Hargan, and seeks information on which parts of HIPAA rules present obstacles to its goals without meaningfully contributing to privacy. 
RELATED: With support from health IT groups, a new ‘wizard’ looks to streamline patient medical records requests

They are requesting broad input on HIPAA rules including:

  • Facilitating parental involvement in care.
  • Addressing the opioid crisis and serious mental illness.
  • Accounting for disclosures of protected health information for treatment, payment and healthcare operations as required by the HITECH Act.
  • Changing a requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the notice of privacy practices.

The RFI is due Feb. 11, 2019.

Suggested Articles

Health insurers’ financial performance is on a continuing upward trend, but political and legal risks could pose a threat to that growth.

Senate lawmakers released a draft package of legislation aimed at curbing healthcare costs they said they believe they can pass on a bipartisan basis.

Attorneys general seeking to defend the ACA argue that their opponents—including the DOJ—have poor legal standing to challenge the law.