Another important event took place that November – the Presidential election. Republican presidential candidate Warren Harding, sensing Americans were tired of war, and tired of fighting for peace (ironically, although Wilson formed the League of Nations, the U.S. refused to join), campaigned on the slogan, “A return to normalcy.” His incorrect word usage (the word “normalcy” did not exist when he used it) may have been unserious, but the election results meant business: Harding won in a rout. Normalcy seemed to be back on the menu.
From 2020 to 2022, the U.S. government was engaged in a war of its own, fighting COVID-19 (or trying to, anyways, depending on who you ask). The Department of Health and Human Services (HHS), the federal agency designed to enhance the well-being of Americans, spent much time and resources navigating this public health crisis.
While COVID-19 has not formally ended, many Americans are anxious to put the events of the last two years behind them – to return to normalcy. As we got further into 2022, HHS’ Office for Civil Rights (OCR) became less focused on COVID-19 public health initiatives and more focused on traditional areas of concern. Enforcement of the Privacy Rule’s right of access provision, and ensuring patient PHI is not impermissibly used or disclosed, took center stage in 2022 and are poised to receive additional emphasis in 2023. The details of HIPAA changes 2023 are described below.
HIPAA Changes 2023: Return to Access
OCR completed investigation of 17 patient right of access cases in 2022. Fifteen of these resulted in a Resolution Agreement (Settlement), and two resulted in the imposing of a civil monetary penalty. The first 2022 resolution agreements were announced in March of 2022. The most recent resolution agreement was announced on December 15, 2022.
OCR launched its Right of Access Initiative in 2019, bravely taking the radical stand that the rules requiring covered entities to act on patient medical requests must be enforced. In 2019, there were two right of access settlements/fines. In 2020, there were 11. In 2021, there were 12. In 2022, there have been 17. 42 in total.
In 2022, OCR emphasized specific aspects of right of access non-compliance, which are recounted below. Providers may expect that these areas of non-compliance will be on OCR’s radar in 2023.