Changes Could Be Coming to HIPAA — and Providers Are Worried

By Kayla Matthews, HealthIT writer and technology enthusiast, Tech Blog
Twitter: @ProductiBytes

The Health Insurance Portability and Accountability Act (HIPAA) went into effect in 1996, and it has changed dramatically in the intervening decades. Initially created to make health insurance coverage easier to maintain for employees as they moved between jobs, the Act has expanded to include patient privacy and security.

The Act has received updates over the years — the government added the Enforcement Rule in 2006, the Breach Notification Rule in 2009 and the Omnibus Final Rule in 2013. New changes could be on the horizon, and the projected changes have health care providers worried.

How might HIPAA change, and are providers right to be concerned?

Potential Changes
How is the Department of Health and Human Services working to change HIPAA?

Currently, HHS is focusing on the rules that prevent the sharing of protected health information (PHI). HIPAA protects this information, and strictly regulates how providers can use it and whom they can share it with. The changes to HIPAA would relax those restrictions to encourage coordinated care — enabling different providers to have access to all health records for a given patient.

There is also a secondary rule proposal that would change the transaction requirements for pharmacies that are filling prescriptions of Schedule II drugs. This rule would allow these facilities to clearly distinguish between a new order, a partial fill and a refill. This change could potentially help officials combat the growing opioid crisis.

Finally, there is the problem of federal preemption. Right now, each state has a patchwork of rules and regulations that could, in theory, supersede the federal HIPAA mandate. The American Hospital Association supports this change.

Expected Impacts and Worried Providers
How will these HIPAA changes impact the medical field? Right now, it’s hard to say — the Request for Input phase for the PHI change ended on Feb. 12, but they are still requesting input on the Schedule II change through April. The full impact of these changes won’t be visible until the HHS publishes their final drafts.

Providers are still worried, though. Many oppose the changes because they won’t encourage coordinated care, and may put an unnecessary burden on health care professionals. It could even put providers in a position that pressures or forces them to share PHI in opposition to the patient’s wishes.

The biggest problem with these changes is their speed. Officials want to make significant changes quickly, and may implement penalties for providers who don’t comply fast enough. The consensus, however, is that these changes don’t offer any benefits, and will be detrimental to providers across the country — and this has them worried.

HIPAA Should Stay Current, but Steady Change Is Best
HIPAA may need some changes, especially with the opioid crisis facing this country, but quickly implementing a massive overhaul isn’t the answer. These significant alterations to HIPAA regulations will only make things harder for the providers trying to care for their patients in offices and hospitals across the country.

Some professionals even believe HIPAA is outdated and in need of a change. Some of the most significant changes to the Act, such as the Breach Notification amendment of 2009, would not exist if states hadn’t implemented them first. California was the first state that started notifying patients if a breach occurred, and that caught on and became federal law.

In their current draft, the new HIPAA changes are set to make it harder for health care providers to do their jobs. Only time will tell if the HHS will listen to the input they’ve received from professionals and facilities across the country to modify this draft.

HIPAA needs to change with the times, but doing it all at once is going to cause more problems than it solves.