December 11, 2020 When you thought of HIPAA, was the image that came to mind an old, never-changing and outdated law? If it was, the Department of Health & Human Services (HHS) just issued a wake-up call with a new Notice of Proposed Rulemaking (NPRM), announced yesterday, to make fresh new modifications to the HIPAA Privacy Rule. So what may be changing when it comes to HIPAA? The proposed modifications are designed to address barriers to value-based health care, particularly those that limit or discourage care coordination and case management communications, as well as amend provisions of the Privacy Rule that pose “unnecessary regulatory burdens” without sufficiently improving privacy protections. While the 357 page document contains a lot of information, a few highlights of the proposed changes include: There’s a lot to unpack within these proposed changes, but in general, the proposal helps to bring the HIPAA Privacy Rule up to date with current technology usage, in addition to expanding and emphasizing patient’s rights to view, receive, and handle their own PHI. While these rules are just a proposal, it’s highly likely that most of these changes will go into effect (or a similar version of them) once the proposal’s comment period ends. So when will you need to worry about these changes? Since the proposal’s announcement on December 10th, comments on the notice are due within 60 days. Once the comment period has ended and any changes are finalized, the effective date will be 60 days from the final publication. Your practice will still have a little breathing room, as covered entities would have 180 days from the effective date to update or implement policies to achieve compliance with these new or modified standards – essentially, you’ll have 240 days after the rule is finalized to comply. While complying with these proposed Privacy Rule changes won’t be necessary for quite a while, knowing what is coming and preparing your practice ahead of time is still key. If you don’t have a current compliance program in place that reflects the most recent industry threats and updates, consider throwing out what may be a very old HIPAA binder and seeking out a new solution that can help you dynamically update your policies as these changes go into effect next year.
