HIPAA has been a brick wall for data access for health companies. Legitimate? Yes, we always want to protect health data. But we also want to use the data to improve care at the request of the patient. In December 2020, the federal government proposed several updates to HIPAA to encourage better data sharing between health care providers and health tech companies that “empower patients, improve coordinated care, and reduce regulatory burdens.” Here are the quick take-aways:
- We have to start with a reminder that any updates to HIPAA will require your company to revise your policies and legal language, including: your Notices of Privacy Practices, relevant operational processes, and effected Business Associate agreements. Don’t forget to retrain your staff too!
- Once you have these administrative tasks out of the way, treatment providers will no longer have to obtain signatures from patients acknowledging they have been provided a copy of the provider’s Notice of Privacy Practices. They will have more freedom to disclose and discuss PHI with your company to improve patient care coordination and health outcomes.
- If you provide auxiliary support or support community-based organizations offering auxiliary support to patients such as transportation, food or housing services that improve health outcomes, the requirements around data sharing with health care providers may be incrementally removed through modernized HIPAA, Interoperability, and Information Blocking rules.
- Keep in mind that this is a proposed rule released under the Trump Administration. However, with the ONC Information Blocking Rule going into effect this spring, Biden’s team will have to remedy data access policy discrepancies quickly. So look out for a possible final rule in 2021.
In 2018, the EU implemented a law called the General Data Protection Regulation (GDPR) that protects all data collected on a person. The reality of increased care coordination efforts and payment programs beyond the provider space will likely accelerate us towards needing a national-level GDPR-type law to cover health data appropriately – stay tuned for more from Elevation on this topic!