By: Wes Morris, Managing Principal Consultant and Dawn Morgenstern, Senior Principal Consultant

This past Thursday, the Office for Civil Rights (OCR) issued a statement of intent to publish a Notice of Proposed Rulemaking (NPRM) proposing to modify the HIPAA Privacy Rule. These modifications are proposed to improve health information sharing for more effective healthcare, empower individuals with their own protected health information (PHI), and alleviate unnecessary administrative burdens on covered healthcare providers and health plans.

The NPRM has not yet been published in the Federal Register at the time of this writing; however, it can be expected any day. Once published, a 60-day period for review and comments will begin. After the comment period, OCR will review and issue a final rule. Covered Entities and Business Associates must comply with the new or modified standards and implementation specifications no later than 180 day from the effective date of the final rule. Thus, we can reasonably expect the modifications to the Privacy Rule to be in force sometime in 2021.

Our initial review of the proposed modifications reveals the following key objectives:

• Improving individual’s right of access, and their right to direct PHI to third parties
• Expanding on care coordination and case management activities (including a modification to the minimum necessary standard for these activities)
• Improving ability to disclose PHI to social services agencies and home-based/community-based organizations for individual level care coordination and case management
• Requiring modifications to the Notice of Privacy Practices (NPP)
• Removing the burden to get acknowledgement of receipt of the NPP from the patient

Clearwater is closely monitoring the publication of updates, and we will continue to provide our insights as new information becomes available. Contact us today if you have any questions regarding these proposed modifications or HIPAA compliance in general.