What's Next for HIPAA?Privacy Attorney Kirk Nahra Analyzes Potential Regulatory Changes
What impact would potential changes to HIPAA have on the healthcare sector? And what's the likelihood that HIPAA, indeed, will be modified - especially provisions that touch on privacy and security? Privacy attorney Kirk Nahra sizes up what's ahead.
The Department of Health and Human Services' Office for Civil Rights on Dec. 13 issued a request for information seeking feedback on potential changes to HIPAA aimed at reducing the "regulatory burden," including ways to improve secure data sharing for patient care coordination (see HHS Seeks Feedback on Potential HIPAA Changes).
In addition, OCR is seeking comments on how to best implement a long-overdue HITECH Act requirement to provide patients with an accounting of disclosures from an electronic health record for treatment, payment and healthcare operations.
In an interview with Information Security Media Group, Nahra predicts that any proposal to modify HIPAA likely won't be issued until "late 2019 at the earliest, and probably not until 2020 - and then you have to go through notice [of rulemaking] and [public] comment."
What's largely being examined by HHS, Nahra says, is the idea of potentially streamlining regulatory burdens.
In the interview (see audio link below photo), Nahra discusses:
- Potential changes that could expand the types of companies covered under by HIPAA, including providers of health-related social media and mobile health apps;
- The possibility of eliminating the HIPAA requirement for patients to acknowledge receipt of notice of a healthcare entity's privacy practices;
- HIPAA-related changes most likely to win approval.
As a partner at the law firm Wiley Rein LLP, Nahra specializes in privacy and information security issues, as well as other healthcare, insurance fraud and compliance issues. He's a member of the board of directors of the International Association of Privacy Professionals and was co-chair of the Confidentiality, Privacy and Security Workgroup, a former panel of government and private-sector privacy and security experts advising the American Health Information Community.