HIPAA Analytics, LLC provides HIPAA privacy and security compliance services that focus on small and medium size (SMB) healthcare organizations and their business associates. HIPAA Analytics roots date back to the roll out of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). During that time, Grant Peterson (i), founder of HIPAA Analytics, began providing regulatory research, analysis, and assistance with the adoption of HIPAA privacy and security regulations for the healthcare industry. Over the past 18 years, Grant has continued his core healthcare related client focus on HIPAA privacy, security and data breach regulations to SMB healthcare related organizations. HIPAA Analytics is committed to the industry it serves, donating time and expertise in order to help improve compliance within the healthcare related community.
(i) Education: Grant holds a Bachelor of Science Degree and Juris Doctor J.D.
On December 14, 2018 the Office for Civil Rights (OCR) issued a “Request for Information” (RFI)to assist OCR in identifying provisions of the Health Insurance Portability and Accountability Act privacy and security regulations that may impede the transformation to value-based health care or that limit or discourage coordinated care among individuals and covered entities (including hospitals, physicians, and other providers, payors, and insurers), without meaningfully contributing to the protection of the privacy or security of individuals' protected health information.
First, why the “Office of Civil Rights” request for information? Answer: OCR has delegated authority from the Secretary of Health and Human Services to make decisions regarding the implementation, interpretation, and enforcement of the Privacy Rule.
Second, under this authority, OCR also administers and enforces the Security Rule, which requires covered entities and their business associates to implement certain administrative, physical, and technical safeguards to protect ePHI; and the Breach Notification Rule, which requires covered entities to provide notification to affected individuals, the Secretary of HHS, and, in some cases, the media, following a breach of unsecured PHI, and requires a covered entity's business associate that experiences a breach of unsecured PHI to notify the covered entity of the breach.
Regarding the “Request for Information on Modifying HIPAA Rules To Improve Coordinated Care”, the OCR sought public input on ways to modify the HIPAA Rules to remove regulatory obstacles and decrease regulatory burdens in order to facilitate efficient care coordination and/or case management and to promote the transformation to value-based health care, while preserving the privacy and security of PHI. Specifically, OCR sought information on the provisions of the HIPAA Rules that may present obstacles to, or place unnecessary burdens on, the ability of covered entities and business associates to conduct care coordination and/or case management, or that may inhibit the transformation of the health care system to a value-based health care system. Correspondingly, OCR seeks comment on modifications to the HIPAA Rules that would facilitate efficient care coordination and/or case management, and/or promote the transformation to value-based health care. OCR also broadly requests information and perspectives from regulated entities and the public about covered entities' and business associates' technical capabilities, individuals' interests, and ways to achieve these goals. In addition, OCR sought comment on aspects of the Privacy Rule that OCR has identified for potential modification to further these goals, specifically -
1) Promoting information sharing for treatment and care coordination and/or case management by amending the Privacy Rule to encourage, incentivize, Start Printed Page or require covered entities to disclose PHI to other covered entities.
2) Encouraging covered entities, particularly providers, to share treatment information with parents, loved ones, and caregivers of adults facing health emergencies, with a particular focus on the opioid crisis.
3) Implementing the HITECH Act requirement to include, in an accounting of disclosures, disclosures for treatment, payment, and health care operations (TPO) from an electronic health record (EHR) in a manner that provides helpful information to individuals, while minimizing regulatory burdens and disincentives to the adoption and use of interoperable EHRs.
4) Eliminating or modifying the requirement for covered health care providers to make a good faith effort to obtain individuals' written acknowledgment of receipt of providers' Notice of Privacy Practices, to reduce burden and free up resources for covered entities to devote to coordinated care without compromising transparency or an individual's awareness of his or her rights
*Part One of Two
 EPHI: Electronic Protected Health Information/PHI: Protected Health Informat
On March 10, 2021 the Department of Health and Human Services (the Department) extended the comment period for the proposed rule entitled “Notice of Proposed Rulemaking” (NPRM) to modify the Standards for the Privacy of Individually Identifiable Health Information (Privacy Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), published in the Federal Register on January 21, 2021 . The comment period for the proposed rule, was extended to May 6, 2021 . The extension allows the Secretary of Health and Human Services to make decisions regarding the implementation, interpretation, and enforcement of the Privacy Rule. Second, under this authority, OCR also administers and enforces the Security Rule, which requires covered entities and their business associates to implement certain administrative, physical, and technical safeguards to protect ePHI; and the Breach Notification Rule, which requires covered entities to provide notification to affected individuals, the Secretary of HHS, and, in some cases, the media, following a breach of unsecured PHI, and requires a covered entity's business associate that experiences a breach of unsecured PHI to notify the covered entity of the breach. Read more here at https://www.linkedin.com/posts/hipaa-analytics_proposed-modifications-to-the-hipaa-privacy-activity-6800854212394700800-fFnO
SUGGESTION: Use the handy "Magnifying" box at bottom of LINKEDIN document for easy reading.
HIPAA Analytics supports SMB healthcare related organizations (Covered Entity/Hybrid Entity and Business Associates) with affordable HIPAA compliance services nationwide.
HIPAA Analytics Services Include–
HIPAA Analytics Serves a Wide Range of Healthcare Related Services –
HIPAA Analytics appreciates your visit to our website. Our site is provided for informational purposes only.
HIPAA-Analytics is not a law firm, it does not engage in the practice of law, nor render any legal advice.
Copyright © 2021 HIPAA Analytics, LLC - All Rights Reserved