At the end of 2020, a proposal from the Department of Health and Human Services (HHS) to revamp the HIPAA Privacy Rule to make it more patient-friendly, was put on the table. A new Information Blocking Rule, implemented to prevent information blocking by healthcare providers, technology companies, and exchanges, had just become effective. An end-of-the-year HHS proposal to put more teeth into the HIPAA right of access had also just been announced.
2021, from a HIPAA perspective, very much was shaping up to be The Year of the Patient. Flash forward to the end of 2021. The proposed revamp of the Privacy Rule, designed to put patients in the driver’s seat, is still that – a proposal. The proposed changes to the right of access have yet to be implemented. HHS HIPAA activity in 2021 reflected very much the news of that year: In January, a new presidential administration came to power. The COVID-19 pandemic raged on, but vaccines were finally available, along with increased access to telehealth. What we got from HHS in 2021, then: installation of a new Director for the Office for Civil Rights, expansion of COVID-19-related enforcement discretion, and issuance of guidance on HIPAA, COVID-19 vaccinations, and the workplace. Some HIPAA 2022 predictions are offered below.
HIPAA 2022 Predictions: Securing the Blessings of HR 7898
In early January of 2021, HR 7898, which has been nicknamed the “HIPAA Cybersecurity Recognized Best Practices Bill,” was signed into law. The bill amends the HITECH Act to require the Department of Health of Human Services to consider whether a covered entity or business associate has met recognized security practices when HHS makes certain determinations, such as whether to bring an enforcement action, select an entity for an audit, or issue a monetary penalty.