Revisions to HIPAA, the federal law governing standards for the protection of patient health data, are expected to come out this spring or summer.
What happened
There are two overarching changes patients and providers can expect when the law revisions are officially released.
First, HIPAA will make it easier for providers to share protected health information with relevant parties. Second, HIPAA is updating the tiered structure for violation penalties and an incentive to report violations.
The first major change, with information provided by Health and Human Services, aims to ensure patients can easily access their own protected health information. The new provisions will allow patients to take notes and record images and also shortens the response time for protected health information from 30 to 15 days.
Healthcare providers will also be required to provide records for free when possible, or otherwise make the cost clear. Finally, patients will be able to request both billing and treatment records simultaneously.
The second change released under the HITECH Act applies to potential violators and distinguishes between accidental and intentional violations. Individuals who unknowingly violated HIPAA may pay as little as $100 per violation, while those who willfully violate HIPAA protections may face up to $50,000 in fines per violation. On top of this change, patients who report the violation may be entitled to compensation.
Other changes are also likely to roll out, with a grace period of enforcement, in the coming months.
Read More: What is the Health Breach Notification Rule
Why it matters
Changes making it easier to access protected healthcare information should help patients stay informed regarding their healthcare and ensure it is accessible by other healthcare entities as needed, alleviating delays in treatment caused by lack of access.
On top of providers being able to give patients more information, they will also be able to send more information to other providers if they believe it is in the patient's best interest. This change will require healthcare providers to use their best judgment, necessitating a thorough understanding of HIPAA compliance.
The new penalty structure should reduce fines for those who unknowingly and unintentionally violate HIPAA. There is also now a monetary incentive to report, which could increase reports. Even if violations happen unintentionally, they can quickly add up. Providers should be diligent in understanding all HIPAA provisions.
Related: HIPAA Compliant Email: The Definitive Guide
Going deeper
These provisions and more were announced in 2020, with an expected official release date in the spring of 2023.
Since the announcement, healthcare entities can expect the official changes to be announced any day. Once they are, they can also expect a grace period for enforcement as hospitals and organizations adjust to the change.
It's the first major revision to the law in 10 years and should help HIPAA keep up with changing trends and needs in healthcare.
The bottom line
Healthcare entities should be on the lookout for the new provisions and plan to work closely with providers to ensure everyone is on the same page. There will likely be some growing pains as providers transition to the new protocols, but the best way to prepare is to ensure providers have a robust understanding of current laws and healthcare trends.
Abby Grifno
