Embracing Change: Preparation for 2019 HIPAA Compliance

December 18, 2018

With the New Year just around the corner, we are all thinking about new goals we want to achieve and resolutions we want to keep.

While you are making plans to improve your health, your relationships, and your work-life balance, think also about how you would like to improve the world of healthcare.

As healthcare professionals and executives, you are directly involved with the policies and processes that impact patient health. With 2019 drawing near, we have several opportunities to make significant improvements to one of the most influential policies affecting patient experiences: HIPAA.

In 2019, we can expect several HIPAA compliance regulation changes to occur. Moreover, we will have the chance to shape the path HIPAA policy makers take in the years to come.

I invite you to prepare for the 2019 HIPAA changes from the perspective of affecting positive change. You and your personnel can make a difference. Here’s how.

2019 HIPAA Changes

Over the course of the last few months of 2018, my team and I at John Lynch & Associates have kept a close watch of the steps policy makers are taking to improve HIPAA compliance and applicability in the coming year.

HHS Notice of Proposed Rulemaking: 42 CFR Part 2 & the Opioid Epidemic

In March 2019, the Department of Health and Human Services (HHS) plans to release a Notice of Proposed Rulemaking centered around opening up channels of communication for those involved in putting an end to the opioid crisis.

After a bill to address the issue of opioid overdose failed in Congress, HIPAA regulations will be modified in order to implement the changes behavioral health and integrated health providers need to communicate pertinent information for opioid use and addiction patients.

Currently, healthcare providers struggle to work within HIPAA compliance requirements related to sharing important protected health information (PHI) to the point that such regulations are hampering the treatment process to the detriment of patient care.

To correct the ongoing issue, HHS plans to make changes to HIPAA compliance requirements to maintain the protection of PHI while improving the quality of care opioid patients receive. We anticipate that the changes will make it far easier for behavioral healthcare providers to coordinate care with other healthcare entities.

HHS RFI: HIPAA Breaches & Affected Patient Compensation

In our data-driven culture, we hear about breaches of PHI and individual data every week. Under HIPAA compliance regulations, breaches of PHI result in damages paid to the federal government.

However, HHS is considering adjusting the policies to state that affected patients should be entitled to a certain amount of the damages paid following a HIPAA violation. Such a policy has never been enacted before, which means delineating the practical and enforceable policies surrounding the change will be difficult – but necessary.

This policy is a step in the right direction to providing some form of justice to those most affected by HIPAA compliance violations. HHS’s request for information (RFI) will be critical to helping policy makers sort out a methodology for determining how much accessed data should yield a payout to the exposed patients and to what magnitude.

HHS RFI: Improving Secure PHI Communication Within Integrated Care

Similar to the changes we will be seeing applied to the opioid population, we will also be expecting a RFI from HHS regarding how integrated care entities can better coordinate pertinent patient health information. The goal is to alleviate the strict constraints of HIPAA compliance regulations regarding integrated care and value-based care without jeopardizing the security of PHI or personally identifiable information (PII).

HHS will need your help and insight in order to reshape HIPAA compliance regulations that can open up communication and improve care as we all try to move toward a value-based system by measuring desirable outcomes and provide more holistic healthcare to patients.

Educated Speculation

The best way to plan for future changes is to make educated predictions about where healthcare is headed in the next two, five, or even ten years. From the time an RFI is made to the time the changes are actually enacted nationwide, several years may have passed. Therefore, we must always be scanning the horizon and speculating about what is to come.

Telehealth & HIPAA

One such prediction my team and I are making is that of telehealth’s impact on HIPAA regulations. Telehealth for behavioral health and primary care are becoming increasingly popular, as are tools such as chatbots and artificial intelligence (AI).

To cope with the increasing trend toward all things digital, HIPAA compliance regulations will need to expand to include matters such as how PHI should be handled and kept secure during video conferences, digital chats, and e-correspondence.

New Uses of Healthcare Analytics & Population Health Data

Historically, healthcare providers and health plans stratified high-risk patients and examined data of the most burgeoning health concerns. More recently, however, we are stratifying everyone, particularly in the effort to move toward a value-based system.

This shift toward specialty data makes identifying individual patients far easier, particularly in mass data breaches, which are becoming increasingly common and problematic. Soon, HIPAA compliance regulations will need to address smaller subsets of data and how that information is used.

As we stratify data more and more to catch up with the Centers for Medicare & Medicaid Services (CMS), our privacy regulations must also catch up to allow us to make meaningful use of the data without risking the privacy of patients.

The HITECH Act Will Get Even More High Tech

In anticipation of our evolving digital world, the Health Information Technology for Economic and Clinical Health (HITECH) Act was put in place to encourage healthcare providers to embrace electronic health record systems. However, it seems the evolution of these systems has transpired faster than we imagined.

For example, healthcare providers and health plans are now using smartphone surveys and other high tech data collection methods to collect PHI. These avenues need to be secured and regulated.

I predict these three changes will come over the course of the next five years. Until we get word that change is indeed on its way, we can all begin preparing for these inevitable, tech-driven developments by engaging in open dialogues about the most effective way to execute such changes and to prepare patients as best as possible.

How to Prepare for the Changes Ahead

Educating yourself and your staff is the first step in preparing for new terrain in the coming years. By being a part of the conversation, you are doing a great service to yourself and your organization to build one success upon another.

Continuing on that path, there are several other ways you can prepare for the changes ahead.

1. Respond to RFIs. Advancing healthcare requires collaboration. Do your part to propel this life-saving industry forward by contributing your intelligence, expertise, and insights at every opportunity.

2. Look forward to transformation. At the executive level, envision what you would like to see for your healthcare organization in the future. Consider a two-year lead time to keep up with anticipated changes and plan for the future you desire. How do you want to transform and leave your mark on the industry? Where do you see the future of healthcare and technology headed?

3. Facilitate multi-level conversations. Improvement requires input from all levels, including directors, management, VPs, and more. Including both visionaries and line-level employees in the discussion is the key to successfully bridging the gap between the theoretical best practices and what can practically help during boots-on-the-ground work.

HIPAA changes are coming. The federal government is open to the conversation. Now is the time to take advantage of this opening and contribute. Even organizations that do not yet have the technology being discussed can contribute immensely by offering a unique perspective.

The HIPAA and healthcare landscapes change every ten to fifteen years. Have a say in how it changes by speaking up today.

What changes do you foresee impacting your work in the coming years? Let us know in the comments below and kick the conversation off on the right foot.