Healthcare Information Security

Do HIPAA Regulations Need Updates on Patient Privacy?

The current opioid crisis has pushed lawmakers to consider making adjustments to HIPAA regulations, particularly with regard to patient data privacy.

By Elizabeth Snell

Current patient privacy laws, such as HIPAA regulations, may need to be adjusted to help individuals who are suffering from drug addiction, HHS Secretary Tom Price said in a recent White House press briefing.

It is particularly devastating to learn that family members might not be made aware of a loved one’s status because of the privacy laws, Price explained at the August 8 briefing.

“We’re looking through the regulatory process to determine what can be done, if anything, to make it so that those…privacy requirements are not as onerous in the case of an overdose,” Price said. “And it certainly is something that Congress could address, and we’ll be talking with them and have had conversations with many of them about that.”

There were 52,000 overdose deaths in 2015, approximately 33,000 of which were related to opioids, he added. The numbers in 2016 and so far in 2017 are not improving.

HHS has briefed the president on the necessary resources and information for prevention and treatment and recovery, Price stated. This includes providing best practices for states and agencies that are involved in the treatment and recovery process.

Price gave the example that privacy laws do not necessarily allow for parents of a 19-year-old to be notified that their child had a substance abuse problem.

“This is really an important issue because one of the things that we’ve found when going around the country is that it’s the local communities, it’s the local, loving community -- the families, the organizations within communities -- that are so pivotal to providing success for individuals getting through the treatment and on to recovery,” Price explained.  

An interim report from the Commission on Combating Drug Addiction and the Opioid Crisis also discussed better aligning patient privacy laws with HIPAA regulations. The report said it was important to ensure that information about substance use disorders (SUDs) be made available to medical professionals treating and prescribing medication to a patient.

“Providers and other advocates have found that certain privacy regulations, while well intentioned patient protections, act as a barrier to communication between providers, can make it difficult for family members to be involved in a loved one’s treatment, and limits the ability to use electronic health records to their full potential,” the report stated.

“42 CFR Part 2, which requires addiction treatment professionals to acquire written patient consent before sharing any information with a patient’s other health care providers, including when the addiction treatment facility is part of a larger health care system, is a particular hindrance to comprehensive health care.”

The Commission referenced Jessie’s Law (S. 581), which the Senate passed earlier this month. Jessie’s Law aims to have HHS establish guidelines for when healthcare providers should prominently display a patient’s history of opioid use on his or her medical record. The legislation will also work toward maintaining patient privacy.  

“Only at a patient’s request” shall that patient’s history of opioid abuse “be prominently displayed in the medical records (including electronic health records),” according to the bill.

West Virginia Senator Joe Manchin sponsored the bill, which is named after a woman who died from an overdose after being prescribed oxycodone following surgery. Manchin explained that the law would help physicians be “better prepared to deal with the medical records of recovering addicts.”

“Jessie’s story is a heartbreaking example of needlessly losing a loved one to this battle,” US Rep. Tim Walberg said in a March 2017 statement. “It is vital for medical professionals to have access to the information that they need about their patient’s history so they can provide safe treatment and proper care. This bipartisan bill will make a real difference in fighting back against the deadly opioid epidemic and help save lives in our communities.”

Patient health data access can be a confusing part of HIPAA regulations, with both providers and patients sometimes having difficulty in knowing what is allowed and what is not.

The HIPAA Privacy Rule was designed to find the right balance between the flow of information and patient PHI security.

“The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing,” the Privacy Rule summary states. “Given that the health care marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed.”

Under HIPAA, patients also have the right to grant another individual access to their health information, AHIMA Director of HIM Practice Excellence Lesley Kadlec said in a previous interview.

AHIMA recently released a new form to help both healthcare providers and patients better understand and utilize the patient health data access process.

“Consumer engagement and making sure that consumers understand their right to access their health information is really something that we've been focusing on,” Kadlec said. “We wanted to enable our members and health care organizations at large to be able to have a tool that would help them make sure that their patients are having easy access to their medical records.”

Healthcare providers should ensure that they remain current on all federal and state regulations with regard to patient data access to guarantee patient privacy. Even if HIPAA regulations are adjusted to account for proper care, data access should be granted in a way that still accounts for privacy.

