Healthcare Information Security

HIPAA and Compliance News

HHS, OCR Seek Industry Feedback on HIPAA Update for Data Sharing

HHS and OCR released an RFI in response to industry stakeholder requests asking Congress and HHS to modernize HIPAA for the digital healthcare age.

OCR seeks healthcare industry leader comment on HIPAA modernization

By Jessica Davis

- The Department of Health and Human Service and the Office for Civil Rights are seeking industry feedback on how to improve HIPAA guidance, especially around care coordination.

The OCR Request for Information comes in response to an outpouring of industry stakeholder requests in recent years, for a HIPAA update that reflects the digital nature of the healthcare sector.

In fact, American Medical Informatics Association and American Health Information Management Association leaders told Congress on December 5 that the privacy rule needed to be modernized to bolster a patient’s right to access their data.

Officials said they’ve heard the calls to revisit the aspects of HIPAA that may limit or discourage providers from sharing data, along with the lack of facilitation that will fuel the shift into value-based care.

Stakeholders are being asked to share information on HIPAA provisions they feel “present obstacles to these goals without meaningfully contributing to the privacy and security of protected health information and/or patients’ ability to exercise their rights with respect to their PHI.”

OCR Director Roger Severino asked industry leaders for “candid feedback” on where HIPAA is working and the areas it can be improved.

“We are committed to pursuing the changes needed to improve quality of care and eliminate undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information,” Severino said in a statement.

Specifically, agency officials asked for input on ways to encourage data sharing for both treatment and care coordination, while facilitating parental involvement in care. Further, stakeholders are asked to comment on ways HIPAA can address the opioid crisis and mental illness.

Stakeholders can also comment on how HIPAA and the HITECH Act can account for disclosures of patient data for treatment, payment, and healthcare operations, along with “changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices.”

To HHS Deputy Secretary Eric Hargan, the RFI is an important step in the “Regulatory Sprint to Coordinated Care,” a program that analyzes federal regulations to determine what needs to be improved, while incentivizing care coordination and improving patient care.

“In addressing the opioid crisis, we’ve heard stories about how the [HIPAA] can get in the way of patients and families getting the help they need,” Hargan said in a statement.

“We’ve also heard how [HIPAA] may impede other forms of care coordination that can drive value,” he added. “I look forward to hearing from the public on potential improvements to HIPAA, while maintaining the important safeguards for patients’ health information.”

Industry leaders can comment on the RFI until Feb. 11, 2019, which can be downloaded here.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...