Among regulations in healthcare, perhaps none is more well known—or loathed—than HIPAA.
Now, the Department of Health and Human Services said they want to hear from the public about how to fix what are officially known as the Health Insurance Portability and Accountability Act (HIPAA) rules.
Specifically, they are looking for feedback on how to reform the HIPAA Privacy Rule to remove barriers to organizations trying to share data in an attempt to improve healthcare delivery.
For example, the agency has heard that during the opioid crisis, the privacy rule blocked patients and families from getting needed help.
“We are looking for candid feedback about how the existing HIPAA regulations are working in the real world and how we can improve them,” said Office for Civil Rights Director Roger Severino in a statement. “We are committed to pursuing the changes needed to improve quality of care and eliminate undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information.”
HIPAA originally passed into law in 1996 and was aimed at providing privacy and security for patients health information while allowing information to be shared as needed. And it has risen in prominence in recent years with a rash of high-profile breaches of patient health information among IT companies and health systems.
Amid the broader shift underway from fee-for-service to value-based, coordinated care, the OCR said it has been fielding a growing number of calls to revisit the rules that can limit or discourage information needed to make that shift possible.
The request for information is part of the “Regulatory Sprint to Coordinated Care,” an initiative led by Deputy Secretary Eric Hargan, and seeks information on which parts of HIPAA rules present obstacles to its goals without meaningfully contributing to privacy.
They are requesting broad input on HIPAA rules including:
- Facilitating parental involvement in care.
- Addressing the opioid crisis and serious mental illness.
- Accounting for disclosures of protected health information for treatment, payment and healthcare operations as required by the HITECH Act.
- Changing a requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the notice of privacy practices.
The RFI is due Feb. 11, 2019.