HIMSS Comments on HIPAA Proposed Regulation, Highlights Importance of Alignment and Access

On May 6, HIMSS submitted comments to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR), in response to the Proposed Modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule To Support, and Remove Barriers to, Coordinated Care and Individual Engagement.

The proposed changes aim to address burdens that may impede the transition to value-based healthcare by limiting or discouraging care coordination and case management communications among individuals and covered entities, while continuing to protect the privacy and security of individuals’ protected health information (PHI).

HIMSS offered recommendations to address the provisions related to patient right of access and pertinent definitions in the privacy rule that may impact other data privacy and information blocking regulations.

In the letter, HIMSS emphasized the following recommendations, considerations and support in an effort to ensure HIPAA promotes the sharing of PHI while guaranteeing the confidentiality, integrity and availability of patient data.

• Align HIPAA with Other Regulations Focused on Privacy and Data Sharing
• Support for Modifications to Individual Access Rights
• Strengthen the Right to Inspect with the Express Right to Take Notes, Videos, and Photos to Capture PHI
• Modify the Implementation Requirements for Requests for Access and Timely Action in Response to Requests for Access
• Address the Individual Access Right to Direct Copies of PHI to Third Parties
• Adjust Permitted Fees for Access to PHI and electronic PHI
• Eliminate the Requirement for Individuals to Provide Written Acknowledgment of Receipt of Notice of Privacy Practices
• Refocus the Definition of Electronic Health Record
• Recommend Changes to the Personal Health Application Definition
• Ensure an Individual Provides Permissioned Access for Disclosures to Third Party Entities
• Balance Patient Identity Verification Burden with Right of Access

Overall, HIMSS recommended that any changes to the HIPAA Regulation be harmonized with other federal privacy regulations. 

HIMSS stressed that these rules should be clear and concise and avoid any redundancies, conflicts or inconsistencies that may result in confusion and impede progress.

HIPAA’s proposed modifications related to patients’ right to access are an opportunity to gain a greater level of transparency in PHI processes while asserting patient preference in the level of access.

HIMSS looks forward to continuing engagement in the privacy conversation with OCR and other federal agencies, Congress, states and members of the health ecosystem as data privacy issues continue to gain momentum in the months ahead.