HHS issues RFI seeking new ideas for protecting privacy
The Department of Health and Human Services is requesting information from industry stakeholders to gain insight on ways to update the HIPAA Privacy Rule to meet needs posed by the shift to value-based care.
Federal officials at HHS, which includes the Office for Civil Rights, understand that some issues in the HIPAA law, particularly the privacy rule, might need tweaking in order to better support the coordination of care required to succeed by stakeholders moving to value-based care.
HIPAA was intended to protect individuals’ privacy and security while permitting information sharing. “However, in recent years, OCR has heard calls to revisit aspects of the rules that may limit or discourage information sharing needed for coordinated care or to facilitate the transformation to value-based care,” according to the RFI.
Consequently, policymakers are requesting information on provisions in HIPAA rules that may present obstacles to value-based care without meaningfully contributing to privacy and security of protected health information and patients being able to exercise their rights with respect to their PHI.
As the opioid crisis has intensified, the government has learned ways that the privacy rule impedes patients and families from getting help, acknowledges HHS Deputy Secretary Eric Hargan. “We’ve also heard how the rule may impede other forms of care coordination that can drive value.”
OCR Director Roger Severino emphasizes that the department wants candid feedback on how HIPAA rules are working in the real world. “We are committed to pursuing the changes needed to improve quality of care and eliminate undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information.”
Specific areas of comment on the privacy rule include:
- Encouraging information-sharing for treatment and care coordination.
- Facilitating parental involvement in care.
- Addressing the opioid crisis and serious mental illness.
- Accounting for disclosures of PHI for treatment, payment and health care operations.
- Changing a current requirement for certain providers to make a good faith effort to obtain an acknowledgement of receipt of the Notice of Privacy Practices.
Comments from industry stakeholders are due on Feb. 11, 2019, and the request for information is available here.