The Office for Civil Rights (OCR) is requesting public input on reforms to Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules to promote care coordination and the health system’s transformation to value-based health care while protecting the privacy and security of individuals’ protected health information (PHI).  Specifically, in a request for information (RFI) to be published on December 14, 2018, OCR seeks feedback on ways current policy could be modified the meet the following goals:

  • Promoting information sharing for treatment and care coordination and/or case management by amending the Privacy Rule to encourage or require covered entities to disclose PHI to other covered entities.
  • Encouraging covered entities to share treatment information with parents, loved ones, and caregivers of adults facing health emergencies, particularly with regard to the opioid crisis.
  • Implementing the HITECH Act requirement to include, in an accounting of disclosures, disclosures for treatment, payment, and health care operations from an electronic health record (EHR) in a manner that provides helpful information to individuals, while minimizing regulatory burdens/disincentives to interoperable EHR use.
  • Eliminating or modifying the requirement for covered health care providers to make a good faith effort to obtain individuals’ written acknowledgment of receipt of providers’ Notice of Privacy Practices.

Additional background information and more detailed questions are presented in the RFI.  Comments are due February 11, 2019.