The Department of Health and Human Services (HHS) announced a Request for Information (RFI) regarding how the HIPAA Privacy, Security, and Breach Notification Rules could be modified to reduce regulatory burdens and to improve care coordination, case management, and value-based health care.
In addition to opening the door for public comments on current challenges and potential modifications to the HIPAA Rules, the RFI specifically requests feedback on anticipated changes to several specific provisions of the Privacy Rule including:
- Promoting information sharing for treatment and care coordination
- Whether revising the right of access would enable more timely transfers of protected health information (PHI) between covered entities and other covered entities or health care providers
- Whether disclosures of PHI to non-provider covered entities for care coordination or as part of treatment or health care operations should be excepted from the minimum necessary standard
- Whether the Privacy Rule should be modified to encourage covered entities to share PHI with non-covered entities such as social service agencies or support programs for coordination
- Promoting parental and caregiver involvement and addressing the opioid crisis and serious mental illness
- How the Privacy Rule might be amended to remove obstacles to treatment of opioid addiction and serious mental illness
- Accounting of disclosures
- How the Privacy Rule can be modified to comply with the HITECH Act’s requirement that an accounting of disclosures include disclosures made for treatment, payment, and health care operations through an electronic health record without becoming overly burdensome
- Notices of Privacy Practices (NPPs)
- Whether the signature and recordkeeping requirements related to NPPs should be eliminated
- How the NPP requirements could be modified to reduce burdens on covered entities
Public comments are due by February 12, 2019 and can be submitted here.