We are seeing an exponential increase in telehealth facilities owing to the situational crisis precipitated by the recent global pandemic. With the emergence of new technologies in the healthcare industry, frequent modifications to laws and regulations governing medical information have become critical.
HIPAA is one of the critical regulations governing patient medical records or health plans and how medical information is stored and disseminated by medical institutions, insurance providers and other bodies that handle or process medical documents.
Given the increasing digitization of medical information and a cyber security landscape rife with the threats of data breaches, ransomware attacks and data leaks, there is an urgent need to protect citizens' personal and health-related data.
HIPAA: The basic guidelines
The HIPAA (Health Insurance Portability and Accountability Act) federal law, signed on Aug 21, 1996, supersedes all state laws to safeguard medical information and serves the following purposes:
- To combat abuse, fraud and waste in health insurance and healthcare service delivery.
- To improve access to long-term healthcare services, coordinated care, and medical insurance.
- To provide continuous health insurance coverage for citizens who have lost or changed jobs.
- To eventually reduce the cost of healthcare services by regularizing the electronic transmission of all administrative and associated financial transactions.
HIPAA contains five sections or titles:
- Title I: HIPAA Health Insurance Reform
- Title II: HIPAA Administrative Simplification
- Title III: HIPAA Tax-Related Health Provisions
- Title IV: Application and Enforcement of Group Health Plan Requirements
Of these, Title II is what we mean when we refer to the HIPAA privacy rule or HIPAA right of access. It mandates national standards for processing electronic healthcare transactions and for secure electronic access to health data, in compliance with the requirements of the Department of Health and Human Services (HHS).
The HHS Office for Civil Rights (OCR), which enforces HIPAA security rules, performs audits and can issue penalties for HIPAA noncompliance. As a result, HIPAA violations can prove quite costly for healthcare organizations.
Evolution of HIPAA: 2022 HIPAA changes that affect how medical information is handled
New rules to expand access and ease restrictions on access and sharing of medical information have been necessary over the last couple of years to allow patients to access medical help virtually during the COVID pandemic. At the same time, it was essential to protect patients from data leaks.
- One of the significant changes to HIPAA was the Security Rule that introduced three safeguards (administrative, physical and technical) to protect the integrity of electronically stored and transmitted Protected Health Information (ePHI). Compliance with this change required implementing mechanisms to ensure the end-to-end security of patient data and processes to prevent a data breach. As a result of this change, many institutions were investigated over data breaches and had to pay hefty fines. For example, in August 2016, Advocate Health Care Network was fined $5.55 million for the unauthorized disclosure of almost 4 million patient health care records due to theft of a portable electronic device.
- The 21st Century Cures Act (Cures Act), signed on Dec 13, 2016, empowers patients to access, exchange, and use their electronic health information however they wish. It was designed to increase choice and access both for patients and providers. It eases regulatory burdens related to electronic health records (EHR) and other health information technology (HIT) systems. Both HIPAA and the Cures Act guide how protected health information (PHI) is shared. While HIPAA seeks to prevent unauthorized access to PHI, the Cures Act encourages access and exchange to appropriate parties.
- The Coronavirus Aid, Relief, and Economic Security Act, or CARES Act, is one of the largest stimulus packages in US history to address the COVID-19 pandemic. Part 2 of the CARES Act requires federal programs to obtain a patient's consent before disclosing their identifying information outside of the program, including before disclosing it to other health care providers. In addition, patients may request an accounting of disclosures and request restrictions on the use and disclosure of their information, as permitted by the HIPAA Rules.
- The HIPAA Safe Harbor Law, signed in January 2021, is an amendment to the HITECH Act, which, in 2009, introduced stricter penalties for HIPAA violations. The amendment reduces the administrative burden on any Covered Entity for sharing medical data and for better healthcare coordination. In addition, it provides an opportunity for HHS to refrain from enforcing penalties in specific circumstances.
- More proposed changes to the HIPAA law are expected in late 2022 to reduce the administrative burden on healthcare providers, strengthen patients' rights to access their own healthcare data, and improve data sharing between HIPAA-covered entities.
Some examples of expected 2022 HIPAA changes:
- Allowing patients to inspect their PHI in person and take photographs of their medical records or take notes.
- Ensuring individuals are not faced with unreasonable measures when exercising their right of access.
- Specifying when ePHI must be provided free of charge, such as when individuals inspect their PHI in person or use an Internet-based patient portal.
You can get more information on the upcoming 2022 HIPAA changes here.
How do you ensure compliance with the 2022 HIPAA changes?
Healthcare organizations must invest in robust systems and cloud infrastructure to access, share, and secure electronic health records.
DRS Imaging provides secure medical records scanning services to enable digitization in the healthcare sector.
Mercury, our industry-leading document management system, provides affordable cloud-based storage and promotes ease of access and remote collaboration while maintaining strict access controls.
Our advanced data capture technology can aggregate data from all structured and unstructured sources, including handwritten prescriptions and large-format reports, into a central digital repository.
We have document scanning bureaus across the US for secure conversion of records. Our scanning facilities are SOC-2 certified, and we follow the highest standards of data security. For example, one of our newest scanning centers in Santa Ana, CA, offers records storage for healthcare service providers in an end-to-end HIPAA-compliant manner.
Our digital transformation solutions for healthcare institutions and service providers help them maintain compliance with the latest regulations in the healthcare industry, including HIPAA, HITECH, the Cures Act and more.
Connect with DRS to digitize healthcare records securely and cost-effectively, and stay updated with the latest 2022 HIPAA changes to ensure healthcare compliance.