2021 marks the 25th year of the Health Insurance Portability and Accountability Act, or HIPAA — the legislation that provides security provisions and data privacy for safeguarding medical information. As security threats evolve and adapt, HIPAA is in a constant state of flux. We will look at some of the most recent HIPAA trends that will impact your organization as we approach the silver jubilee of this landmark law.
#1. HIPAA Trend - The Right of Access Initiative
Last year, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announced the Right to Access Initiative. It is a significant policy change that promises to enforce the rights of patients who want to receive copies of their medical records quickly and without being overcharged. For nearly a quarter of a century, HIPAA has vowed to keep protected health information (PHI) secure and private, but many critics of the legislation argue that it's just too complicated and expensive to access one's personal medical records. The new changes could combat these challenges.
In September 2019, the OCR fined a hospital in Florida $85,000 for failing to provide PHI to a patient in a timely manner — the first-ever settlement of a HIPAA right of access claim. In addition to this fine, the hospital had to agree to a corrective action plan that promised to develop, maintain, and revise, where necessary, its "right of access" policies and procedures. More organizations will be facing these new HIPAA trends and need to be prepared.
"The case itself was fairly routine," notes the American Society for Clinical Pathology. "It began in October 2017 when the mom sent Bayshore a timely written request for access for the fetal heart monitor records from her delivery. We can't find the records, Bayfront replied. The mom then went to an attorney and filed a complaint with the OCR, which initiated an investigation." Patients are sharing more of the cost of their healthcare than ever before, and are rightfully requesting comprehensive documentation. Organizations must be thinking of the right of access for patients and how they will handle these requests.
What does this all mean for your organization? Going forward, this will be the new HIPAA trend and the OCR will clamp down on other hospitals and organizations that fail to comply with the Right of Access Initiative.
To avoid hefty penalties, it's a good idea to revise policies and procedures that pertain to right of access, which allows patients to access medical records quickly and cheaply. Luckily, technology and a well-implemented and interconnected EHR can assist with this.
#2. HIPAA Trend - OCR Increases Penalties for Non-Compliance
In November 2019, the OCR announced that it would increase penalties for HIPAA non-compliance in accordance with the Inflation Adjustment Act. The new rules will cover civil monetary penalties for HIPAA violations that occurred on or after February 18, 2009. Penalties have increased significantly per violation, with a new annual cap per violation category. The maximum penalties for each of the four tiers — based on the severity of the violation — are as follows:
- Tier 1: $58,490
- Tier 2: $58,490
- Tier 3: $58,490
- Tier 4: $1,754,698