Medicare Compliance & Reimbursement

The government usually updates HIPAA to clarify rules and add protection for patients, but sometimes the feds’ tinkering leads to more problems.

Case in point: The recent court ruling on HIPAA’s Right of Access rules and how past regulation changes — specifically the Omnibus Rule of 2013 and the 2016 Guidance on patients’ rights to their medical records — may cause more confusion for covered entities (CEs) and their business associates (BAs) than previously thought. Plus, when you add recent HHS Office for Civil Rights (OCR) enforcement against providers for information blocking and federal input that promotes patient-centered policies to the equation, even more issues are bound to ensue (see story, p. 29).

In light of the case and other Department of Health & Human Services (HHS) changes, practices should prepare for patients’ requests as well as third party concerns, suggests HIPAA expert Jim Sheldon-Dean, founder and director of compliance services at Lewis Creek Systems LLC in Charlotte, Vermont. He offers four tips to keep you on the right side of the regulation change:

1. Remember the HIPAA rules. “Make sure you provide access to individuals according to the rules for individual access only,” Sheldon-Dean cautions.

2. Update your authorization policies. “Be ready to redirect requests from third parties to your authorization process for releases,” he advises.

3. Stay on top of federal mandates. “Keep your eyes out for the final rules on data blocking and be ready to change processes again,” he says.

4. Pay attention to your patients. “Always do your best to satisfy reasonable requests from individuals and do what is best for their healthcare; happy patients don’t complain to HHS,” warns Sheldon-Dean.