In a letter to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR), America’s Essential Hospitals responded to proposed changes to Health Insurance Portability and Accountability Act (HIPAA) regulations that hinder care coordination.
In a Jan. 21 proposed rule, OCR outlined modifications to privacy standards in an effort to improve the transition to value-based care. The agency notes current standards might impede such efforts by limiting or discouraging care coordination and case management communication among individuals and covered entities (including hospitals, physicians, payers, and insurers).
In its comments, the association urged OCR to:
- narrow the definition of electronic health record to align with the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) definition;
- allow development of standards and guardrails on the use of application programming interfaces and personal health applications before mandating the production of personal health information (PHI) through such applications;
- make progress toward interoperability before mandating that covered entities share PHI electronically with third parties, including other providers;
- maintain existing timeliness requirements (i.e., 30 days) for responding to access requests;
- provide flexibility for covered entities to exercise judgment in allowing individuals to record health information at the point of care;
- finalize exceptions to the “minimum necessary” standard for individual-level care coordination and case management;
- add an express permission for a covered entity to disclose PHI to a social services or community-based organization, or similar third party, for the purpose of individual-level care coordination and case management;
- allow “good faith belief” to be the standard for permission to make certain uses and disclosures in the best interest of individuals;
- adopt a “reasonably foreseeable threat” standard for use and disclosure of PHI for those impacted by substance use disorder and serious mental illness; and
issue rulemaking implementing requirements related to 42 CFR Part 2, to ensure alignment with HIPAA and to facilitate related health information exchange.
Contact Senior Director of Policy Erin O’Malley at email@example.com or 202.585.0127 with questions.