HIPAA – Current and Upcoming Changes

Just like many other laws in our country, HIPAA is always evolving. HIPAA is one of the most important laws, if not the most important, regarding the safekeeping and dissemination of medical records. The past few years have brought about a number of changes that, in turn, required HIPAA to evolve.

The COVID-19 pandemic, new technologies, and even an increased reliance on tele-health have all brought some changes to this law. Whether you’re a patient or a provider, it’s critical to understand your rights, as well as what you can expect. There are many changes on the horizon, but it’s important to first look at some of the most recent alterations.

What is HIPAA?

We’ve already written about HIPAA at length, but the simple answer is that HIPAA is a law that governs medical records. HIPAA was enacted in 1996 as a part of The Social Security Act. Its main focus is to regulate and protect sensitive health information.

It created a strict set of guidelines that govern what information is protected, how it’s protected, and how it’s shared and destroyed. There are steep penalties for violating HIPAA regulations, often in the thousands of dollars for even a single violation.

Changes to HIPAA

There have been a few critical changes to HIPAA over the past few years. 2013 saw the first major piece of legislation when Congress passed the HIPAA Omnibus Rule. This rule was a change to the Health Information Technology for Economic and Clinical Health (HITECH) Act. It made several fundamental changes to the security, privacy, breach notification, and enforcement rules to account for new technology. It also expanded the rules under which certain businesses must comply with HIPAA or be held directly liable.

21st Century Cures Act

In 2016, Congress passed the 21st Century Cures Act. In short, this piece of legislation aided in the sharing of information with regard to medical research. Although not a direct change to HIPAA itself, it does govern how this data can be shared, and protocols for data breaches. 

2020 CARES Act

During the height of the COVID-19 pandemic, Congress passed the CARES Act to expand certain items that fall under the HIPAA purview. During the lockdown, many people were forced to visit their doctors virtually, while also struggling financially. New rules were enacted to slightly loosen the restrictions around personal health information (PHI), while also tightening the rules about notifications for data breaches. 

This allowed patients to get the care they needed quickly, while also protecting them from data breaches. It was also expanded so that individuals suffering from substance abuse disorder (SUD) could get the help they needed, and it allowed covered entities to get patient information more readily.

2021 HIPAA Safe Harbor Law

This is the most recent change to the law itself. The 2021 HIPAA Safe Harbor Law encourages businesses and covered entities to improve or upgrade their cybersecurity measures. It mostly applies to the financial penalties that could be assessed in instances of data breaches.

The effects are two-fold. First, it encourages businesses to upgrade their security measures to the latest and most effective cybersecurity protocols. Second, it reduces the penalties and audit times for companies that can prove that “best practices” were followed in the event of a breach. The Department of Health and Human Services (HHS) is ultimately the body that will decide if these practices were followed.

Upcoming Legislation and Changes to HIPAA

There are a number of proposed changes coming for HIPAA. Whether or not those changes will be passed remains to be seen. Most of these changes are aimed at making patient health records more accessible and easier to share among covered entities.

Some of the proposed changes include:

  • Allowing patients to inspect their PHI in person, or photograph relevant documents
  • Changing the maximum time allotted to receive PHI from 30 days to 15
  • Allowing patients to transfer PHI or EHR to third-party apps
  • Allowing patients to transfer certain PHI and EHR at no cost
  • Forcing companies to be more transparent regarding fees associated with PHI sharing

These are just a few of the changes that are on the horizon. It’s no surprise that technology and changes to the social fabric of the nation have motivated these revisions. As with most laws, they must evolve over time. HIPAA is no different, and these changes will undoubtedly not be the last.

Record Nations Can Help Keep PHI and EHR Secure

Record Nations partners with the most innovative and secure record management companies in the United States. No matter what your business needs, we can partner you with the right company at the right price. All of our providers are versed in the latest changes to HIPAA and the latest cybersecurity protocols.

Record Nations will help you find a professional document scanning and offsite tape storage service provider near you to digitize your records and keep a backup copy safe. Call us at (866) 385-3706 or fill out the form on the right for a free quote on services in your area. We look forward to helping you keep your patients’ information safe and accessible.