Data Governance,
Data Security,
Healthcare
HHS Releases New Guidance to Support Interoperability Initiative ‘Make Health IT Great Again’
Millions of patients across the United States may be unaware of their rights under HIPAA regarding access to medical records. As a result, numerous individuals face obstacles when attempting to obtain records from various healthcare providers, sometimes facing refusals altogether.
The federal government is actively tackling ongoing issues surrounding patient access and interoperability through its recent initiative, “Make Health IT Great Again,” introduced last month. The Department of Health and Human Services (HHS) additionally released new guidance on the HIPAA Privacy Rule’s access rights.
Experts indicate that while the recent FAQs don’t introduce new insights for those familiar with HIPAA regulations, they may provide clarification for a broader audience, including over 60 healthcare technology firms, providers, and insurers that are committed to adhering to new interoperability standards ratified by HHS’ Centers for Medicare and Medicaid Services.
This interoperability push aims to empower patients to seamlessly access electronic health information, utilizing third-party mobile applications and AI tools to analyze their data and facilitate the transfer of records between healthcare providers. HHS emphasizes the establishment of a “patient-centric digital healthcare ecosystem” that endeavors to enhance patient outcomes and streamline operational burdens for providers.
Insights from the Guidance
The HHS Office for Civil Rights (OCR) recently issued FAQs exploring specific aspects of the HIPAA Privacy Rule. One question scrutinizes whether healthcare providers are legally allowed to share patient-protected health information (PHI) with “value-based care” organizations, like accountable care groups, without patient consent. HHS confirms that this is permissible, although further context is provided.
Another FAQ focuses on the right of individuals to access their PHI from “designated record sets” maintained by healthcare providers and health plans. These designated records can encompass various documents, including medical and billing records, but not all PHI is accessible to patients, with specific exceptions outlined in the guidance.
A few regulatory analysts argue that the latest FAQs do not significantly alter existing HHS guidance but highlight points of potential confusion among healthcare providers and patients. Certain clarifications regarding what constitutes designated record sets and their associated privacy considerations are fundamental to navigating HIPAA effectively.
Legal experts assert that these updates emphasize the importance of stringent privacy and security measures for covered entities while redirecting patients to resources that clarify their rights under HIPAA. HHS’ overall interoperability strategy reinforces patient access to healthcare records via compatible networks and applications, aligning with the Fast Healthcare Interoperability Resources (FHIR) standards for secure data exchange.
Looking forward, HHS OCR may need to broaden its guidance scope to encompass nuances pertaining to privacy regulations surrounding substance abuse treatment records and the implications of recent court rulings affecting reproductive health information protections. The evolution of HHS guidance remains crucial as patients, providers, and organizations strive to navigate the complexities of HIPAA compliance effectively.
