HIPAA Changes 2023

In November of 1918, the First World War (naively called “The Great War”) ended. (For people who appreciate or read into symmetry, World War I ended at the 11th hour on the 11th day of the 11th month of 1918). The League of Nations, the peacekeeping body and the precursor to today’s United Nations, was founded in January 1920 by President Woodrow Wilson and held its first meeting in November of that year.

Another important event took place that November – the Presidential election. Republican presidential candidate Warren Harding, sensing Americans were tired of war, and tired of fighting for peace (ironically, although Wilson formed the League of Nations, the U.S. refused to join), campaigned on the slogan, “A return to normalcy.” His incorrect word usage (the word “normalcy” did not exist when he used it) may have been unserious, but the election results meant business: Harding won in a rout. Normalcy seemed to be back on the menu.

From 2020 to 2022, the U.S. government was engaged in a war of its own, fighting COVID-19 (or trying to, anyways, depending on who you ask). The Department of Health and Human Services (HHS), the federal agency designed to enhance the well-being of Americans, spent much time and resources navigating this public health crisis. 

While COVID-19 has not formally ended, many Americans are anxious to put the events of the last two years behind them – to return to normalcy. As we got further into 2022, HHS’ Office for Civil Rights (OCR) became less focused on COVID-19 public health initiatives and more focused on traditional areas of concern. Enforcement of the Privacy Rule’s right of access provision, and ensuring patient PHI is not impermissibly used or disclosed, took center stage in 2022 and are poised to receive additional emphasis in 2023. The details of HIPAA changes 2023 are described below.

HIPAA Changes 2023: Return to Access

OCR completed investigation of 17 patient right of access cases in 2022. Fifteen of these resulted in a Resolution Agreement (Settlement), and two resulted in the imposing of a civil monetary penalty. The first 2022 resolution agreements were announced in March of 2022. The most recent resolution agreement was announced on December 15, 2022.

OCR launched its Right of Access Initiative in 2019, bravely taking the radical stand that the rules requiring covered entities to act on patient medical requests must be enforced. In 2019, there were two right of access settlements/fines. In 2020, there were 11. In 2021, there were 12. In 2022, there have been 17. 42 in total.

In 2022, OCR emphasized specific aspects of right of access non-compliance, which are recounted below. Providers may expect that these areas of non-compliance will be on OCR’s radar in 2023.

Make Sure You’re HIPAA Compliant

We can help make sure your HIPAA program is always up to date!