The HIPAA Privacy Rule—the one that has been around for nearly 25 years— is about to change. the proposed 2021 HIPAA changes will change your medical practice’s daily operations, including the forms you use, your website, and even your workflow. Here’s how .

Don’t want to read the 300+ page Proposed Rule? Take our online course to get the essentials for providers. Link below.

About the Proposed Rule

In January 2021, HHS issued its “Proposed Modifications to The HIPAA Privacy Rule to Support, and Remove Barriers to, Coordinated Care and Individual Engagement.”

What does “Notice of Proposed Rulemaking” mean?

The process goes like this: HHS issues a preview of the new rule, opens a 60 day comment period to get feedback from stakeholders, then issues a Final Rule. Right now, the comment period has been extended to May 6th, 2021.

It’s reasonable to assume that most of these changes are likely to pass—

…And it doesn’t hurt to prepare for it now.

When Will Changes Go Into Effect?

Once HHS issues a Final Rule, it goes into effect 60 days after publication. Providers will have 180 days to comply.

The entire proposed rule can be found here. But you don’t need to read all 300+ pages, because we’ve pulled out the important parts affecting providers.

What It Means For Medical Practice Operations

Several of the proposed changes will alter how providers do day-to-day business. For example, the new rule:

  • Requires changes to common patient forms, such as the Notice of Privacy Practices.
  • Cuts in half the time that providers have to respond to medical records requests (15 days, from 30 days)
  • Requires practices to post their medical records charges on their websites
  • Requires providers to send patient records electronically to other third parties, at the patient’s request, and
  •  to request ePHI on behalf of patient at the patient’s request
  • Workforce HIPAA training will need to be updated to reflect changes
  • Requires updates to HIPAA Policies and Procedures

Why Change the HIPAA Privacy Rule for 2021?

Why is the government rolling out these big changes?

  • The “Regulatory Sprint To Coordinated Care.” This HHS initiative examines regulatory burdens that could impede the transformation of healthcare in the U.S.
  • Shift from Fee for Service (FFS) to Value Based Care (VBC). VBC requires more nimble coordination and information sharing between stakeholders
  • Barriers to Coordinated Care. Certain aspects of the Privacy Rule have been identified as barriers to coordinated care and case management

How Patient Rights Are Affected

The proposed rule adds new rights for patients, while also removing certain privacy protections. For example, the new rule would give patients the right to inspect PHI in person and take pictures (e.g. with a “smart” phone). While the rule specifies that providers and patients should work out a mutually agreeable time and place, it also states that patients could have a right to do this during their visit. This could potentially affect provider workflows and productivity.

The rule gives providers greater discretion to make unauthorized disclosures when the threat of harm to the patient is “serious and reasonably foreseeable” (vs. “serious and imminent”). Providers would be given greater leeway to share information about substance use disorder (SUD) and make mental health disclosures.

2021 Changes to the “Minimum Necessary” Rule

The proposed rule creates exceptions to the “minimum necessary” standard to allow for individual level case management and care coordination

Other Changes Impacting Your Medical Office

Since 2021 will usher in major changes to HIPAA, your will need to provide your staff with updated HIPAA Training reflecting the changes. Go to our highly rated HIPAA For the 2020s Online Training Program (with Certificate) , which includes a new module with the 2021 changes to get your team’s HIPAA knowledge up to date.