Providers concerned about proposed sweeping HIPAA update

gary.tandberg@thomsonreuters.com  /  June 3, 2021

Tom Cruise’s “Mission Impossible” film series was launched back in 1996. Every few years since, new “MI” movies have updated the franchise while sticking to its core action-intrigue values.

Also debuting that year: Health Insurance Portability and Accountability Act (HIPAA). While many in the healthcare industry believe the federal law protecting sensitive patient health information needs to be modernized, there are provider group concerns about the following:

  • The privacy and security of sensitive medical data when it’s made more accessible
  • Implementing changes during a pandemic
  • Squaring the changes with other data-restricting regulations

Concerns about timing

The American Medical Association stated in a letter to OCR that it questions “the need for these changes, particularly at this time.”

The physician group noted that practices still face major challenges to alter IT and data exchange processes in order to comply with last year’s rules changes promoting interoperability. And of course, there’s ongoing pandemic-related overhead to contend with as well.

“We urge OCR to reconsider implementing a massive change to patient privacy laws in the midst of this transition,” the AMA wrote.

Easing standards

If finalized, the proposal would ease decades-old privacy standards for patient health data protected since the implementation of HIPAA. It would become easier for providers to share information during emergencies and coordinate care with patients’ families, caregivers and with healthcare companies.

The new rule would also make it much easier for third parties such as app developers, to access sensitive health information.

Strong opposition

“The AMA strongly opposes the finalization of any policies expanding the current ability of covered entities — or any other type of entity, including smartphone apps and third parties — to override an individual’s privacy preferences,” the AMA wrote.

Compliance with HIPAA and HITECH (Health Information Technology for Economic and Clinical Health Act) already presents significant challenges to providers. An experienced health care law attorney can help providers meet those challenges today and prepare for those coming in the days ahead.