Do HIPAA Laws Create Blockades That Avoid Information Sharing?

November 21, 2018


The HHS has prepared a Request for Information (RFI) to find out how HIPAA Laws are obstructing patient information sharing and are making it tough for healthcare suppliers to organize patient care.

HHS desires remarks from the public and healthcare industry sponsors on any provisions of HIPAA Laws which are discouraging or restraining organized care and case management among hospitals, doctors, patients, and payers.

The RFI is part of a new initiative, called Regulatory Sprint to Coordinated Care, the purpose of which is to get rid of barricades that are avoiding healthcare companies from sharing patient information while retaining safeguards to make sure patient and data secrecy are safeguarded.

The remarks received through the RFI will guide the HHS on how HIPAA can be improved, and which policies must be followed in rulemaking to assist the healthcare industry change to organized, value-based health care.

The RFI was delivered to the Office of Management and Budget for review on November 13, 2018. It is presently unclear when the RFI will be delivered.

Some provisions of HIPAA Laws are supposed to be barricades to information sharing. The American Hospital Association has spoken out concerning some of these problems and has insisted the HHS to take action.

Although there are definitely elements of HIPAA Laws that would help from an update to improve the sharing of patient health information, in some instances, healthcare companies are perplexed about the limitations HIPAA places on information sharing and the situations under which PHI can be shared with other units without the requirement to get prior approval from patients.

The feedback HHS is looking for will be used to evaluate what parts of HIPAA are creating problems, whether there is a possibility to get rid of certain limitations to help information sharing and areas of misinterpretation that call for more guidance to be issued on HIPAA Laws.

HIPAA does permit healthcare suppliers to share patients’ PHI with other healthcare suppliers for the purposes of cure or healthcare operations without approval from patients. Nevertheless, there is some misunderstanding regarding what constitutes treatment/healthcare operations in some instances, how best to share PHI, and when it is allowable to share PHI with units other than healthcare suppliers. Simplification of HIPAA Laws might help in this respect, as could the formation of a safe port for good faith revelations of PHI for the purposes of case management and care co-ordination.

Although the HHS is keen to create an atmosphere where patients’ health information can be shared more easily, the HHS has made it clear that there will not be any modifications made to the HIPAA Safety Law. Healthcare suppliers, health plans, and business associates of HIPAA-covered units will still be needed to implement controls to make sure risks to the secrecy, integrity, and availability of protected health information are controlled and decreased to a realistic and acceptable level.

In addition to a general request for information, the HHS will especially be seeking information on:

  • The ways of accounting of all revelations of a patient’s protected health information
  • Patients’ acceptance of receipt of a providers’ notice of secrecy practices
  • Creation of a safe harbor for good faith revelations of PHI for purposes of care coordination or case management
  • Disclosures of protected health information without a patient’s approval for treatment, payment, and health care functions
  • The minimum necessary standard/requirement.

Although the RFI is likely to be issued, there are no assurances that any of the remarks submitted will result in HIPAA rule modifications.