Comment Period for Proposed Changes to HIPAA Privacy Rule Has Been Extended

The Department of Health and Human Services (HHS) has proposed changes to the HIPAA Privacy Rule and the period for submitting comments had been scheduled to end on March 22, but on March 9, the Office for Civil Rights (OCR) (part of HHS) announced a 45-day extension of the public comment period, making the cutoff for comments now May 26, 2021.

In January, the White House published the Regulatory Freeze Memorandum which directs Executive Departments and Agencies not to issue new rules, and to consider delaying the effective date for new rules that have been published for 60 days in order to allow the new Administration time to review all the new rules before they go into effect.

Extending the comment period allows HHS to both comply with the memorandum and get more public input. As of March 12, there had been over 700 comments submitted.

What Is an Entity Code in Medical Billing?

Acting OCR Director Robinsue Frohboese. was quoted as saying, “OCR anticipates a high degree of public interest in providing input on the proposals because the HIPAA Privacy Rule affects nearly anyone who interacts with the health care system;” and, “The 45-day extension of the comment period to May 6, 2021, will give the public a full opportunity to consider the proposals and submit comments to inform future policy.”

OCR encourages all stakeholders to comment on the proposed changes and stated that they will carefully consider comments. Specified stakeholders include a wide range from patients, their families, and consumer advocates to health information technology vendors. Others who will be affected include HIPAA covered entities such as health plans, health care clearinghouses, and most health care providers, along with their business associates; health care professional associations; health information management professionals; and government entities.

Announcements from HHS say all comments will be reviewed. The Notice of Proposed Rulemaking (NPRM) can be read and comments submitted at This Federal Register site:

What’s Behind the Modification

Anyone in the health care industry is aware that HIPAA puts tight control on patients’ personal information and assigns stiff penalties for violations. It has been determined that some of the standards set by HIPAA may impede the transition to value-based health care by “limiting or discouraging care coordination and case management communications among individuals and covered entities (including hospitals, physicians, and other health care providers, payors, and insurers) or posing other unnecessary burdens.”

Patients’ protected health information (PHI) remains a priority, of course, but enabling providers and healthcare organizations to communicate is an essential part of optimizing the quality of healthcare.

Some Proposed Changes to the Privacy Act

According to HHS, these changes are intended to support individuals’ engagement in their healthcare, remove barriers to coordinated care, and reduce regulatory burdens on the healthcare industry.

One important piece of the regulation is providing a definition for “electronic health record” as: “an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff. Such clinicians shall include, but are not limited to, health care providers that have a direct treatment relationship with individuals, as defined at [45 C.F.R.] § 164.501, such as physicians, nurses, pharmacists, and other allied health professionals.  For purposes of this paragraph, ‘health-related information on an individual’ covers the same scope of information as the term ‘individually identifiable health information as defined at § 160.103.”

Are You Using the HHS HIPAA Security Risk Assessment Tool? Be Sure to Get the 2019 Update

The proposed rule would create a pathway for PHI that is in an EHR to be shared among covered entities as directed by the individual. Health plans and health care providers would also be required to provide access within 15 days rather than the current 30-day requirement.

Individuals’ rights to inspect their PHI would be strengthened—including taking notes or using other personal resources to capture images. Providing a person’s PHI to them at no charge is also stipulated.

Covered entities would be allowed to make some disclosures and uses of PHI based on a good faith belief that it is in the individual’s best interest.

Staying on top of all the latest regulatory changes is a challenge for medical practitioners. When you outsource your medical billing to a professional billing company like Medcare MSO, you can stop worrying about keeping up with changes related to medical billing because we take care of that for you. To find out how we can help boost your income and stabilize your entire revenue cycle, give us a call today at 800-640-6409 or request a Demo now!

Get  a Free AR Analysis

Recent Posts
Contact Us

1 Step 1
Let’s Get in Touch
FormCraft - WordPress form builder