Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE +
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Policy
May 06, 2021 04:37 PM

Providers fear HIPAA changes conflict with interoperability, info blocking rules

Michael Brady
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Modern Healthcare Illustration / Getty Images

    Providers, patient advocates and app developers broadly support a Trump-era rule that would make it easier to share patient health information, but they remain divided over how far the changes should go and concerned about inconsistencies across regulations, according to comments on the proposed rule due Thursday.

    Hospitals and medical groups said that easing the exchange of health information and allowing patients greater access to and control of their health records could enable better care coordination and management. But they're worried about giving more access to smartphone apps and other entities that aren't covered by the Health Insurance Portability and Accountability Act.

    "Until such entities are subject to privacy and security standards commensurate with HIPAA rules, there is a real threat that the lack of appropriate patient privacy protections will erode any gains in patient engagement," the Association of American Medical Colleges said in a letter.

    App developers, on the other hand, don't think the proposed rule changes go far enough. They argue that health information exchanges and networks, certified electronic health record vendors, and providers' other business associates could block requests for electronic health information from individuals or apps or services acting on a patient's behalf.

    Data-sharing startup Ciitizen hinted that app developers and other third-party organizations could sue the federal government if HHS' Office for Civil Rights finalizes the proposed rule without significant changes.

    "This proposal runs counter to the Cures Act and (the Office of the National Coordinator for Health Information Technology's) information blocking rules," it said. "OCR needs to take further action to assure the privacy rule is consistent with these new federal laws."

    Provider groups also worried about continuity across HIPAA regulations, ONC's interoperability and information blocking rules and regulations affecting the confidentiality of patients' substance use disorder records.

    "A common regulatory framework (including terms and definitions) will improve compliance and reduce operational burden on providers subject to these rules and reduce confusion for patients," AAMC wrote. "We urge HHS to provide detailed and integrated guidance to providers that accounts for the different HHS rules governing health information exchange that providers may be subject to."

    And while providers universally praised OCR's proposal to stop requiring patient signatures for privacy notices, they remain concerned about other administrative issues.

    The proposed rule would allow patients to view and capture personal health information by taking notes, videos, photos and other means. Providers said they supported the idea but feared it could disrupt care, clinical workflow or violate the rights of others.

    The Medical Group Management Association said it opposed "a blanket mandate" to immediately give patients access to their health information, saying that OCR should "allow clinicians to use their personal judgment in deciding when to allow patients to take photos or videos of their PHI at the point of care."

    Provider groups are also concerned about changes that would require HIPAA-covered entities to respond to an individual's request for access "as soon as practicable, and no later than 15 days" in most instances. The proposal has support from app developers and many patient advocates. But providers and some outside experts claim the change would be too demanding for hospitals and medical groups to follow.

    WEDI, a formal advisor to HHS focused on health IT, said OCR should continue to allow HIPAA-covered entities 30 days to provide patients with their personal health information, given considerable variation in technology, medical record formats and medical records' location.

    Hospitals and medical groups worried that the proposed rule might not allow them to get fully compensated for the labor and other costs associated with providing third-party access to personal health information.

    "If OCR finalizes a permitted fee structure, that structure should recognize the difference in cost when manual labor is required to meet a request," MGMA wrote.

    WEDI asked OCR to educate, rather than penalize, providers and other HIPAA-covered entities in the event of a ransomware attack.

    "HHS should not 'blame the victim' by considering a ransomware attack an automatic data breach," the advisory group said.

    Many patient advocates supported the proposed rule when the Trump administration unveiled it in December because it would give patients more control over their personal health information. They claimed it would enable patients to make better-informed decisions about their care and switch providers more easily. But some worried that changes to enhance care coordination and management would allow providers to collect and share more data than necessary, which could threaten patients' privacy.

    Experts say the proposed changes to HIPAA rules would shift providers' mindset from protecting to sharing health information—HIPAA's original goal. But many experts say the nearly 25-year-old patient privacy law is due for an overhaul if it's going to live up to its promise.

    While HIPAA mostly succeeded in safeguarding patient health information created in the healthcare system, it hasn't enabled widespread information sharing and doesn't really protect health-relevant information outside the traditional healthcare system.

    "The lack of educational awareness as well as the lack of clarity regarding the scope of HIPAA, who is obligated to abide by HIPAA, as well as how it is interpreted, enforced, and intersects with other privacy laws has created significant gaps in compliance and enforcement. Our nation needs a comprehensive health privacy law that encompasses all these issues from a broader perspective and one that is implementable," the Healthcare Information and Management Systems Society said in a letter.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Copy of 101920-news-insurance-ok_WEB_i.jpg
    CMS issues Medicare Advantage, Part D 2024 payment policy notice
    PHE ending
    What the end of the federal COVID-19 emergency means for healthcare
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Modern Healthcare Alert: Sign up for this breaking news email to be kept in the loop as urgent healthcare business news unfolds.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE +
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing