OCR May Alter HIPAA Rules to Ease Compliance, Care Coordination

February 28, 2019 | Rivkin Rounds Staff | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy

An article in the March issue of Healthcare Risk Management discussed a Request for Information (RFI) released in December by the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR). The RFI, which seeks public input on how the HIPAA rules may be modified to promote coordinated, value-based healthcare, was previously discussed here.

Rivkin Radler’s Eric Fader was quoted extensively in the article. Eric explained that the OCR’s overall goal appears to be to ensure that healthcare providers understand that the sharing of patients’ protected health information is already permitted under HIPAA for treatment purposes, and to make such sharing mandatory when necessary for care coordination. He pointed out that several sections of the RFI contemplate shifting some provisions of HIPAA from “disclosure of PHI is permissible if . . .” to “disclosure is required under these circumstances.”

“Just as the OCR continues its enforcement activities when healthcare providers inexplicably still fail to comply with HIPAA . . ., and just as they continue to put out press releases regarding settlements that are clearly intended to be educational for the provider community, the OCR has clearly recognized that more education is necessary to improve sharing of patient information so that the system will work better overall,” Eric concluded. “[OCR] seems to be prepared to make this a priority in 2019.”

Share this article:
show more

Get legal updates and news delivered to your inbox