Electronic Healthcare Records , Governance & Risk Management , Healthcare Information Exchange (HIE)

Proposal for HIPAA Modifications Coming by Year's End

Interview: HHS OCR's Timothy Noonan on Potential HIPAA Changes, Other Agency Initiatives
Timothy Noonan, deputy director for health information privacy, HHS OCR

The Department of Health and Human Services’ Office for Civil Rights plans to issue a notice of proposed rulemaking before the end of the year to modify the HIPAA rules, says Timothy Noonan, the agency’s deputy director for health information privacy.

See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care

Back in December 2018, OCR issued a request for public input on potential changes to HIPAA to improve the coordination of care, he notes in an in-depth video interview with Information Security Media Group (see HHS Seeks Feedback on Potential HIPAA Changes).

Many of the questions OCR posed in its RFI revolved around the perceived obstacles in sharing patient information among healthcare providers, as well as the burdens often put on patients and their families to have that information exchanged, he notes.

Also complicating those issues are the challenges involved in sharing mental health and opioid addiction information, including balancing better care coordination with patient privacy concerns.

“We got really great feedback - 1,300 comments and close to 4,000 pages of response,” Noonan says. “And we read every comment and try to balance the interests of everyone [regarding] the privacy and security of the health information vs. the desire to have flexibility to share it where the circumstances are warranted.”

Addressing the timing of the release of a proposal, he says, “We’re near the end of the review and clearance process and anticipate to issue a notice of proposed rulemaking on the HIPAA Privacy Rule later this year. And again, the public will have the opportunity to comment on it and we'll consider if any of the proposed modifications should be made permanent.”

Telehealth Regs Update

In the meantime, because the use of telehealth has grown substantially during the COVID-19 pandemic, OCR is also assessing whether there are potential benefits in making permanent any aspect of the telehealth notice of enforcement discretion that was issued in March “and if so, how that best might be accomplished,” Noonan says. “Would that require modification to the [HIPAA] rules through rulemaking? Is this something we could do through guidance?”

To help guide those decisions, OCR will also consider feedback that the agency gets through its enforcement program and the emails and other input it receives from healthcare organizations, medical professionals and the public about their experiences with telehealth, he says.

In the interview, Noonan also discusses:

  • Health data breach trends;
  • The status of OCR’s HIPAA enforcement program activities;
  • HIPAA compliance advice for covered entities and business associates;
  • Other OCR plans for the months ahead.

Noonan is deputy director for health information privacy at HHS OCR. Previously, he served in OCR headquarters as the acting associate deputy director for operations and the acting director for centralized case management operations. Prior to joining OCR in 2013, Noonan was a supervisory general attorney for the U.S. Department of Education, Office for Civil Rights, and a shareholder in a Michigan law firm.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.