By Deborah A. Cmielewski, Esq.

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) has proposed modifications to the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule. The Notice of Proposed Rulemaking (“NPRM”), which promotes health information sharing and coordination of patient care, represents another vital step in HHS Deputy Secretary Eric D. Hargan’s Regulatory Sprint to Coordinated Care. A complete copy of the NPRM is available here.  

Key components of the NPRM include the following:

• The NPRM seeks to expand a covered entity’s ability to disclose protected health information (“PHI”) in the case of certain health emergencies by allowing a covered entity to share information based on a “good faith” belief that the disclosure would be in the patient’s best interests, rather than the covered entity’s “professional judgment.”
• The NPRM seeks to expand a covered entity’s ability to disclose PHI to avert a threat to health or safety when harm is “serious and reasonably foreseeable,” rather than the existing standard, which requires a “serious and imminent” threat to health or safety.
• The NPRM seeks to modify the definition of “health care operations” to clarify that the term includes care coordination and case management for individuals.
• The NPRM proposes to specifically permit covered entities to share PHI with social services agencies, community-based organizations, home and community-based service providers or other third parties that provide or coordinate health-related services necessary for an individual’s care coordination and case management.
• The NPRM contains several modifications that facilitate an individual’s right of access to his or her own health information.
• The NPRM proposes to eliminate a covered entity’s obligation to (i) obtain a patient’s written acknowledgement of receiving a Notice of Privacy Practices and (ii) retain copies of the acknowledgements for six (6) years. 
• The NPRM proposes to allow disclosure of patient information to Telecommunications Relay Services (“TRS”) and to specifically exclude TRS providers from the definition of “business associates.” 

Public comments will be due 60 days after publication of the NPRM in the Federal Register. 

For more information regarding the NPRM, contact Deborah A. Cmielewski, Esq. at dac@spsk.com or (973) 540-7327.