Changes Proposed to Healthcare Privacy Rules

Posted on March 11, 2021January 5, 2022

AAFCPAs would like to make healthcare clients aware that the Department of Health & Human Services’ Office for Civil Rights (DHHS OCR) proposed new regulations to modify the Standards for the Privacy of Individually Identifiable Health Information (Privacy Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). These modifications address standards that may impede the transition to value-based health care by limiting or discouraging care coordination and case management communications among individuals and covered entities (including hospitals, physicians, and other health care providers, payors, and insurers) or posing other unnecessary burdens. The proposals address these burdens while continuing to protect the privacy and security of individuals’ protected health information.

The current HIPAA Rules have not been updated since 2013, when the HIPAA Omnibus Rule was enacted.

The Notice of Proposed Rulemaking (NPRM) issued by DHHS includes, but is not limited to, changes for:

Individual Right of Access
Reducing Identity Verification Burden for Individuals Exercising the Right of Access
Clarifying the Scope of Covered Entities’ Abilities to Disclose PHI to Certain Third Parties for Individual-Level Care Coordination and Case Management that Constitutes Treatment or Health Care Operations
Encouraging Disclosures of PHI When Needed to Help Individuals Experiencing Substance Use Disorder
Eliminating Notice of Privacy Practices Requirements Related to Obtaining Written Acknowledgment of Receipt, Establishing an Individual Right to Discuss the NPP with a Designated Person, Modifying the NPP Content Requirements, and Adding an Optional Element

These proposed changes include exceptions related to the penalties that are given for HIPAA, specifically the sharing of PHI for telehealth during COVID-19.

In addition, new guidelines on the sharing of Protected Health Information (PHI) data and the violation penalties that were proposed in 2019 are expected to take effect sometime in 2021 according to HIPAA Journal.

AAFCPAs advises clients to review the proposed changes and determine how these may impact your current processes for patient care.

If you have questions, please contact Mr. Anderson at manderson@nullaafcpa.com; Courtney McFarland, CPA, MSA, at 774.512.4051, cmcfarland@nullaafcpa.com; or your AAFCPAs Partner.

About the Authors

Mr. Anderson, MCSE, CCNP, CISSP, CEH

Mr. Anderson is a “white hat” ethical security hacker and business continuity advisor with extensive experience in the development & implementation of security-focused audit and control programs. He is highly sought-after for his expertise in Cyber Security & Technology Assessments, including: security architecture reviews; penetration/vulnerability testing; business resiliency, disaster recovery and other remediation strategies; hardware system selection and configuration; cloud application security reviews; and wireless security assessments. Mr. Anderson has a deep understanding of industry standards and …

Courtney McFarland, CPA, MSA, 340B ACE

Courtney is an audit & consulting partner in the firm’s Healthcare Practice with extensive experience advising the nation's healthcare safety net community, including Federally Qualified Heath Centers (FQHCs), clinics, and behavioral health providers. She delivers a full range of solutions solving the challenges that AAFCPAs’ healthcare clients face, including: audits in accordance with Uniform Guidance/Single Audit and Government Auditing Standards, 340B pharmacy program requirements, best practices for reconciliation & analysis of statistical and programmatic data, …

Related Insights

Navigating Federal Funding Uncertainty: Financial Strategies for Nonprofits

Nonprofits across the country are facing an uncertain financial future as the federal funding freeze and shifting policies disrupt their budgets. Organizations that have long relied on stable government grants are now being forced to reassess their financial strategies, manage liquidity more carefully, and rethink how they maintain reserve funds. Evaluating Financial Reserves and Liquidity […]

340B Discounts at Risk: What It Means for FQHCs and Patient Care

Federally Qualified Health Centers (FQHCs), hospitals, and health systems relying on 340B discounts are facing growing uncertainty. Courts, policymakers, and pharmaceutical manufacturers continue to push for changes that could reshape how the program operates. Recent developments have highlighted potential new restrictions and increased oversight along with the financial strain for participating providers. FQHCs and hospitals […]

The Current Federal Funding Landscape: What Nonprofits Need to Know

Nonprofits nationwide that receive government funding are facing uncertainty as a federal funding freeze disrupts critical financial support. At the same time, nonprofit leaders nationwide are voicing concerns and seeking clarity on how this freeze may affect their organizations. Federal Funding at Risk The funding freeze initiated under the Trump administration has raised alarms among […]