Two proposed rules from the last few weeks of the Trump administration may be of note to some of our readers. The first addresses changes to the HIPPA Privacy Rule, aiming to promote care coordination and value-based care. A second proposed rule aims to streamline prior authorizations and make data sharing easier.
HIPPA Proposed Rule
On December 10, 2020 the HHS Office for Civil Rights (OCR) issued a Noticed of Proposed Rulemaking (NPRM) that proposes pivotal changes to key standards, definitions, and patient rights under the HIPAA Privacy Rule, which are geared toward promoting care coordination and value-based care, and empowering patients with greater access to their health information.
The proposed rule does several notable things:
- Shortens response time for patient health record requests from 30 days to 15 days (with a 15 day extension under limited circumstances).
- Reduces identity verification burdens on patients (or their personal representatives) exercising a right under the Privacy Rule.
- Amends the definition of health care operations to permit disclosure of patient information for care coordination and case management activities, whether population-based or focused on particular individuals.
- Clarifies the minimum necessary standard with respect to care coordination and case management activities.
- Removes antiquated elements of Notice of Privacy Practices (NPP) requirements.
- Amends the permissible fee structure for responding to patient health record requests and requires covered entities to post estimated fees on their website for access and for disclosures with a patient’s authorization.
- Clarifies and facilitates family and caregiver involvement in the care of individuals experiencing emergencies or health crises.
If finalized, these proposals will require HIPAA-regulated entities to update their policies and procedures that impact daily business operations, train workforce members on updated processes, revise their Notice of Privacy Practices, renegotiate business associate agreements to comply with the new requirements, and coordinate compliance with the conglomerate of overlapping privacy, interoperability, information blocking, patient access, and value-based regulatory frameworks – each of which is actively transforming the way in which the health care industry shares patient information.
Prior Authorization Proposed Rule
Another proposed rule released by the Centers for Medicare & Medicaid Services (CMS), requires payers in certain government programs to build application programming interfaces for data exchange and prior authorization. The rule tackles a common complaint from providers that prior authorization has increased in use among plans and takes up too much time away from patients.
“Prior authorization is a necessary and important tools for payers to ensure program integrity, but there is a better way to make the process work more efficiently to ensure that care is not delayed and we are not increasing administrative costs for the whole system,” said CMS Administrator Seema Verma in a statement.
The rule applies to payers in Medicaid, the Children’s Health Insurance Program and qualified health plans. CMS noted that it is considering whether to include Medicare Advantage plans in a future rule. Additionally, the proposed rule would reduce the amount of time providers have to wait for a decision from a payer on a prior authorization request. It proposes a maximum 72-hour limit for payers for urgent requests and seven calendar days for nonemergency requests.