Contacts
HHS Requests Feedback
The Health Insurance Portability and Accountability Act (HIPAA) includes the HIPAA Privacy and Security Rules (the “Rules”) addressing the privacy and security of Protected Health Information (PHI). In a nutshell, Protected Health Information (PHI) is:
- Information about a past, present, or future health condition, treatment for a health condition, or payment for the treatment of a health condition;
- Identifiable to a specific individual;
- Created and/or received by a Covered Entity or Business Associate acting on behalf of a Covered Entity (as those terms are defined under the Rules); and
- Maintained or transmitted in any form.
We earlier addressed the Rules and their impact on employer-provided health plans and third parties providing services to those plans as a two-part series in our October and November 2018 newsletters.
The U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) through its Office for Civil Rights (OCR) in December 2018, for the purposes of soliciting feedback to help the OCR identify provisions in the Rules that unnecessarily affect the delivery of value-based health care or the coordination of patient care without meaningfully contributing to the protection of an individual’s PHI. The ultimate goal is to enable the use of more innovative care and payment models that have developed since the Rules were initially implemented intended to improve cost, effectiveness, and health outcomes.
This RFI signals the first meaningful change to the Rules in several years is now on the horizon. The four key areas for which the OCR has provided observations and requested feedback are discussed below. Interested parties have until February 12, 2019 to provide comments. |
- Promote the sharing of Information to health care providers – The current Rules provide individuals the right to access their own PHI, which must generally be made available by a Covered Entity within 30 days of a request. The Rules contain no explicit requirement for a Covered Entity to disclose records requested by a health care provider. The OCR believes this is causing issues with care coordination and case management initiatives. The OCR also notes instances of health care providers refusing to share PHI with each other in the [often mistaken] belief it may be a violation of HIPAA’s Rules.
In addition, other parties are often involved in necessary activities not involving direct patient treatment that require PHI to function, such as population health management vendors, claims management, and utilization review. The OCR believes these activities are being - Sharing PHI with family members – The OCR is concerned that providers are reluctant to share PHI with family members and caregivers in emergency situations out of an abundance of caution even though a patient in an emergency situation may not be able to effectively communicate with the provider, and the Rules generally permit PHI to be shared with an immediate family member or designated caregiver. This has come to light most dramatically in situations involving opioid overdoses and patients suffering from mental health issues.
- Revising the required accounting of disclosures from an Electronic Health Record – As currently written, the Rules require disclosures of PHI for treatment, payment, and health care operations to be included in a requested accounting of disclosures for PHI maintained in an Electronic Health Record. The OCR notes that is has proven challenging to Electronic Health Record vendors to identify the difference between PHI that has been “accessed” (i.e. obtained by a user) versus PHI that has been “disclosed” (i.e. proactively shared with a user). The OCR requests information about whether all such uses and disclosures from an Electronic Health Record should be included in a requested accounting of disclosures.
- Relief for providers with notices of privacy practices – The OCR requests feedback on whether the requirement for health care providers to make a good faith effort to obtain written confirmation that a patient received a notice of privacy practices should be modified or eliminated.
The information contained herein is for general informational purposes only and does not constitute legal or tax advice regarding any specific situation. Any statements made are based solely on our experience as consultants. Marsh & McLennan Agency LLC shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. The information provided in this alert is not intended to be, and shall not be construed to be, either the provision of legal advice or an offer to provide legal services, nor does it necessarily reflect the opinions of the agency, our lawyers or our clients. This is not legal advice. No client-lawyer relationship between you and our lawyers is or may be created by your use of this information. Rather, the content is intended as a general overview of the subject matter covered. This agency is not obligated to provide updates on the information presented herein. Those reading this alert are encouraged to seek direct counsel on legal questions. © 2018 Marsh & McLennan Agency LLC. All Rights Reserved.
Related Offerings
Compliance Support & OversightYou May Also Be Interested In
- Event
01.21.2021
Webcast | State Individual Mandate Reporting Requirements
- Event
01.27.2021
Webinar | The New Norm: Maintaining Productivity While Working From Home
- Event
02.04.2021
Webcast | Continued Road to the Vaccine: Clinical and Compliance Considerations for Employers
- Event
02.18.2021
Webcast | HIPAA Privacy and Security Training
- Event
03.16.2021
Webinar | Pay Equity Disputes and Risks
- Event
03.18.2021
Webcast | How to Survive a U.S. Department of Labor Audit
- Event
04.15.2021
Webcast | Qualifying Life Events and Permitted Election Changes
- Event
05.20.2021
Webcast | Wellness Programs
- Event
06.17.2021
Webcast | Mid-Year Compliance Review
- Event
07.15.2021
Webcast | FMLA and Employee Benefits
- Event
08.19.2021
Webcast | Medical Expense Spending Accounts (Health FSA, HRA, HSA)
- Event
09.16.2021
Webcast | COBRA
- Event
10.21.2021
Webcast | Domestic Partner and Non-Tax Dependent Coverage
- Event
11.18.2021
Webcast | ACA Reporting Requirements
- Event
12.16.2021
Webcast | Year-End Compliance Review and Forecast
- Event
01.20.2021
Webinar | New Developments in the Classification of Workers
- Event
01.13.2021
Webinar | Leave of Absence and Return to Work Issues in the Era of COVID-19
- Blog
12.29.2020
A Summary of Benefits Provisions in the 2021 Consolidated Appropriations Act
- Blog
12.29.2020
A Coronavirus Update for Employers
- Event
12.17.2020
Webinar | Year End Checklist 2020 and Future Forecast 2021
- Blog
12.04.2020
Additional Health Reimbursement Arrangements Allowed Under Final Rules
- Blog
11.20.2020
Federal Agencies Issue Final Rules Addressing Transparency in Coverage
- Event
11.19.2020
Webinar | ACA Reporting Requirements 2020
- Event
11.12.2020
Webcast | 2020 Election Results: The Impact to Benefit Plans
- Blog
10.30.2020
A Summary of 2021 Health and Welfare Plan Limits and Other Annual Adjustments
- Blog
10.22.2020
Final 2020 IRS Forms 1094/1095 Published
- Event
10.15.2020
Webinar | Health Savings Accounts 2020
- Blog
10.14.2020
INSIGHTS Newsletter
- Blog
10.09.2020
Affordable Care Act Reporting Relief Extended for 2020
- Blog
10.09.2020
Michigan Revises No-Fault Auto Insurance
- Event
10.08.2020
Webcast | A Tale of Two Breaches
- Blog
09.24.2020
DOL Issues New FFCRA Leave Guidance
- Event
09.17.2020
Webinar | FMLA and Employee Benefits 2020
- Blog
09.14.2020
Transportation Fringe Benefits Update
- Blog
08.31.2020
Massachusetts Family Medical Leave Update: Renewal of Fully Insured and Self-Funded Private Plan Exemptions, Upcoming Dates, Plan Options and Benefit Coordination
- Blog
08.26.2020
The Empire State Strikes Back
- Event
08.20.2020
Webinar | Compliance Considerations When Self-Insuring 2020
- Blog
07.29.2020
2021 Employer Affordability Safe Harbor
- Event
07.22.2020
WEBINAR | Next Chapter: Massachusetts Family Leave Act 2021
- Blog
07.22.2020
Massachusetts Paid Family Medical Leave Update (July 2020)
- Blog
07.22.2020
Massachusetts Creditable Coverage – Employer Update (2020)
- Blog
07.22.2020
The Rise of State Individual Mandates - July 2020
- Event
07.16.2020
Webinar | Annual Required Notices 2020
- Blog
07.01.2020
IRS Addresses Direct Primary Care and Health Care Sharing Ministries
- Blog
06.30.2020
Proposed ESG Regulation
- Event
06.18.2020
Webinar | Mid-Year Compliance Review 2020
- Blog
06.16.2020
COVID-19 Plan Administration Relief: The Good, the Bad, and the Ugly
- Blog
06.16.2020
What’s Old is New Again – Annual PCORI Fee is Due July 31st
- Event
05.28.2020
Webcast | COVID-19 Update: Navigating the Coronavirus, Vaccines, Testing and Wellbeing
- Blog
05.28.2020
DOL Finalizes Rule Expanding Use of Electronic Delivery for Plan Documents
- Blog
05.27.2020
2021 Plan Limits and Final Coupon Guidance Released
- Blog
05.27.2020
A Tale of Two IRS Notices
- Event
05.21.2020
Webinar | COBRA 2020
- Event
05.19.2020
Webinar | Legal and Compliance Return to the Workplace: Considerations for Employers
- Blog
05.11.2020
IRS and DOL Extend Filing Deadlines Due to COVID-19
- Blog
04.20.2020
IRS Extends Deadlines Due to COVID-19
- Event
04.16.2020
Webcast | COVID-19: Managing the Impact- Weekly Update 4.16.20
- Event
04.16.2020
Webinar | ERISA Basics 2020
- Blog
04.10.2020
CARES Act Signed Into Law
- Event
04.09.2020
Webcast | COVID-19: Managing the Impact- Weekly Update 4.9.20
- Event
04.02.2020
Webcast | Update on COVID-19: Navigating the Coronavirus and Managing the Impact
- Blog
03.30.2020
CARES Act Provisions Expand Retirement Plan Access for Individuals Impacted by COVID-19
- Blog
03.27.2020
FFCRA Employee Rights Poster Notification Poster Available
- Blog
03.26.2020
DOL Issues New Guidance on FFCRA and Required FFCRA Posters
- Event
03.24.2020
Webinar | Navigating the Coronavirus and Managing the Impact
- Blog
03.23.2020
The Rise of State Individual Mandates - March 2020
- Event
03.19.2020
Webinar | HIPAA Privacy and Security Training 2020
- Blog
03.10.2020
Federal Agencies Issue Proposed Rules Addressing Transparency in Coverage
- Event
02.20.2020
Webinar | Qualifying Life Events & Permitted Election Changes 2020
- Blog
02.13.2020
The Rise of State Individual Mandates
- Blog
02.10.2020
Annual CMS Medicare Part D Disclosure Due for Calendar-Year Plans
- Event
01.23.2020
Seminar | Employment Law Landscape 2020
- Blog
01.22.2020
The Affordable Care Act’s Employer Mandate: Part 4
- Event
01.16.2020
Webinar | Wellness Programs 2020
- Blog
12.26.2019
Repeal, Repeat, Remand – Ho Ho Hum?
- Event
12.19.2019
Webinar | Year End Checklist and Future Forecast
- Blog
12.09.2019
Employer HIRD Form Due on December 15, 2019
- Blog
12.04.2019
Affordable Care Act Reporting Relief Extended for 2019
- Event
11.21.2019
Webinar | ACA Reporting Requirements
- Blog
11.20.2019
IRS Releases Draft 2019 Instructions for Forms 1094/1095
- Blog
11.08.2019
IRS Releases 2020 Limits for FSAs and Other Benefits
- Blog
10.28.2019
All That Glitters is not Gold
- Blog
10.28.2019
California Mandates a Notice Requirement for Flexible Spending Accounts
- Blog
10.28.2019
Medical Loss Ratio Rebates
- Blog
10.28.2019
The Affordable Care Act’s Employer Mandate: Part 3
- Event
10.17.2019
Webinar | Health Savings Accounts
- Blog
10.09.2019
2019 Massachusetts HIRD Form Filing Deadline Approaches
- Blog
10.04.2019
Insurance Carriers Approved for Mass Paid Family Medical Leave Act
- Blog
09.30.2019
New Health Reimbursement Arrangements Allowed Under Final Rules
- Event
09.19.2019
Webinar | New HRA Options
- Blog
09.19.2019
2020 Employer Affordability Safe Harbor
- Blog
09.18.2019
The Affordable Care Act’s Employer Mandate: Part 2
- Blog
09.17.2019
Medicare Part D Notice Reminder
- Event
08.15.2019
Webinar | Association Health Plans
- Blog
08.12.2019
And in this Corner…the Fight to Expand Association Health Plans Continues
- Blog
07.31.2019
New Guidance on Mass FMLA Payroll Contributions and Wage Withholdings
- Blog
07.22.2019
IRS Expands Definition of Preventive Care for Qualified High Deductible Health Plans
- Event
07.18.2019
Webinar | Annual Required Notices 2019
- Blog
07.10.2019
Tax Consequences of Gym Membership Reimbursement
- Blog
07.09.2019
Agencies Release 2020 Adjusted Limits
- Blog
07.08.2019
The Affordable Care Act’s Employer Mandate: Part 1
- Blog
07.01.2019
President Signs Executive Order to Improve Healthcare Price and Quality Transparency
- Event
06.20.2019
Webinar | Mid-Year Compliance Review
- Blog
06.18.2019
Mass Paid Family Medical Leave Update
- Blog
05.28.2019
Potential FMLA Violations
- Blog
05.24.2019
Annual PCORI Fee is due
- Blog
05.23.2019
The Status of Qualified Transportation Fringe Benefits
- Event
05.16.2019
Webinar | Wellness Programs
- Blog
05.03.2019
Massachusetts Online Exemption Application Now Available for Employers Seeking a Private Plan Option to State Paid Family Medical Leave Program.
- Blog
04.30.2019
Massachusetts Employer Alert
- Blog
04.26.2019
Massachusetts Releases New Guidance and Employee Notice Template For Massachusetts Paid Family and Medical Leave (PFML)
- Event
04.18.2019
Webinar | HIPAA Privacy & Security Training
- Blog
04.11.2019
Leave Laws Continue to Multiply
- Blog
04.10.2019
Massachusetts Creditable Coverage
- Blog
04.02.2019
Association Health Plans (AHPs) – Update
- Blog
03.25.2019
U.S. Department of Labor Releases Proposed Overtime Rule
- Event
03.21.2019
Webinar | Federal Continuation Coverage
- Blog
03.19.2019
Deadline Approaching: Paid Family and Medical Leave Act
- Blog
03.06.2019
Reminder: Annual CMS Medicare Part D Disclosure
- Blog
03.05.2019
Mistaken HSA Contributions
- Blog
03.04.2019
Frequently Misunderstood Health Savings Account Issues
- Event
02.21.2019
Webinar | FMLA & Employee Benefits
- Event
02.13.2019
Seminar | How to Survive a DOL Audit
- Blog
02.04.2019
Automatic Enrollment Given a Boost
- Event
01.29.2019
Employment Law Landscape 2019
- Event
01.17.2019
Webinar: ACA Reporting Requirements
- Blog
12.31.2018
Slowly Filling in the Blanks
- Blog
12.27.2018
Women’s Contraceptive Coverage under the Affordable Care Act (ACA) – Update
- Blog
12.20.2018
Making a List and Checking It Twice
- Blog
12.18.2018
Texas Federal Court Rules ACA Unconstitutional
- Event
12.14.2018
Webinar | Q4 2018 Health Care Reform Update
- Blog
12.03.2018
Employment Law Update: Minimum Wage Keeps Climbing
- Blog
12.03.2018
An End to Pharmacy Gag Clauses
- Blog
11.29.2018
2018 Form 1094/1095 Reporting
- Blog
11.21.2018
Do the HIPAA Privacy and Security Rules Apply to My Organization? Part Two
- Event
11.20.2018
Webinar | Back to Basics: Consumer-Based Plans 101
- Blog
11.16.2018
Better Late Than Never
- Blog
11.02.2018
Compliance Update: HRAs Poised For a Facelift
- Blog
10.22.2018
FMLA Update - Organ Donation
- Blog
10.18.2018
Do the HIPAA Privacy and Security Rules Apply to My Organization?
- Blog
09.14.2018
Navigating the Wellness Program Rules for 2019
- Event
01.23.2018
Employment Law Landscape 2018
- Blog
10.06.2017
Interim Rules on Contraceptive Exemptions