The Future of HIPAA: What’s Going on for 2022 and Beyond
Greg Garner
On paper, the definition of “privacy” has not changed since its addition to the dictionary. In reality, privacy has a very new meaning. What does it mean to be private in a world that is constantly connected by technology?
That is a question that many lawmakers are asking regarding HIPAA privacy laws in the year 2021. In the wake of Covid-19, new privacy concerns have come into sharper focus. What needs to change when confidentiality becomes a barrier instead of protection?
It is hard to say exactly how long HIPAA has been in action, as it’s a dynamic bit of policy that is always changing. The changing nature of this legislation is part of what makes it so significant. Can HIPAA law adapt to the changing digital landscape in healthcare, and how?
Are you curious about the changes that might be in store for a digitally connected, post-pandemic world? Read on to learn a brief history of HIPAA and what you may expect in the future.
A Brief History of HIPAA
HIPAA, or the Health Insurance Portability and Accountability Act, hasn’t been a fixture forever. In fact, it has only existed in its current form since about 1996. That makes the Act about twenty-five years old this year.
Many things have changed since the days when this legislation came to be.
In 1996, there were no smartphones, tablets, or even wireless internet. Storing digital data was still a very new phenomenon with many complications attached. 1996 was the age of the floppy disc, before anyone even knew to be wary of Y2K.
HIPAA was first enacted to protect health information tied to insurance when employees moved from one job to another. Another goal was to prevent abuse and fraud in the healthcare setting.
HIPAA was the first piece of legislation to define a “preexisting condition.” Furthermore, it served to simplify insurance administration across the country.
With data protected, the medical field had the opportunity to forge into new territory. They began to computerize patient records and medical information. This made things simpler for large organizations to store and maintain patient data.
This led to the development of HITECH or the Health Information Technology for Economic and Clinical Health Act in the year 2009. In essence, this is when the rule regarding reporting electronic data breaches came to be.
Privacy and Protected Health Information
When the average person thinks of HIPAA, they think of data privacy. The privacy rule actually didn’t go into effect until 2003. This rule protects information defined as Protected Health Information or PHI.
HIPAA defines Protected Health Information as “any information held by a covered entity which concerns health status, the provision of healthcare, or payment for healthcare that can be linked to an individual.” In essence, your personal medical data, including treatments, office visits, expenses, and diagnoses.
HIPAA ensured that medical practitioners couldn’t use this personal information for personal gain. For example, your data could not become part of a research study without your consent. It prevented your information from becoming part of any marketing or fundraising campaigns.
Security Provisions and Safeguards
By 2005, rules surrounding security would go into effect. These are the rules that protect electronic data, known as Electronic Protected Health Information or ePHI. These rules asked entities to adhere to three specific safeguards to remain in compliance.
Foremost, entities had to address the administrative safeguard—this required policies to help entities comply with HIPAA and all security policies.
The second safeguard was physical. Entities needed to ensure that the data was physically stored in a way that would limit or eliminate access to those who were not entitled to the information.
Finally, technical safeguards were in place. These existed to protect electronic communications surrounding data. This specifically referred to ePHI shared or discussed over open networks.
The Final Omnibus Rule
The most recent addition to HIPAA was the Final Omnibus rule, which only came in 2013. Compared to previous changes to HIPAA, this rule did not affect much. It filled in gaps that had come to light as technology developed and gray areas became clearer.
This rule involved defining the encryption standards for ePHI. The goal of these standards was to keep health information safe in the event of a breach. It accomplished this by making it inaccessible without a specific cipher.
In 1996, and even back in 2009, smartphones still weren’t a concern. By 2013, the final omnibus rule had no choice but to address the role of mobile devices in reference to privacy. It addressed the fact that practitioners use their personal devices to discuss or transfer ePHI, and created provisions to protect data.
Looking to the Future
Since the addition of the final omnibus rule in 2013, things have changed even further. There was no way that the floppy-disc-using lawmakers of 1996 could have predicted a world in which personal phones serve as most people’s primary computers. Things have changed in the technological landscape, and, traditionally, HIPAA has shifted along with it.
We live in an era in which openness and sharing are social norms. There are more open networks than closed ones. In a world where everything is digital and available immediately, where exactly do privacy laws fit in?
This new digital landscape is about more than smartphones. The Covid-19 pandemic increased the reach and scope of telemedicine options. This turned entire medical visits into virtual experiences.
Wearable health devices also became more popular. Such devices are transmitting PHI directly to doctors twenty-four hours per day.
As it turns out, most people count confidentiality as one of the reasons they feel safe seeking medical assistance at all. The existence of HIPAA has ensured that patients do not face discrimination or public embarrassment due to any diagnosis they may carry. Now more than ever, it is important that we find a way to keep ePHI safe in a changing world.
In fact, it is HIPAA’s inherent flexibility that makes it such an ideal piece of legislation in a changing world. Discussion of a new amendment of the privacy rule first began in December of 2020.
Changes to Come?
One of the biggest changes would increase the right to access health information for individuals, known as the Right of Access. This would include information stored electronically.
During the pandemic, many caregivers felt frustrated when they could not help older adults in their families. This was mostly due to a lack of access to their medical data. This made it particularly challenging during emergencies.
With health crises happening regularly, especially for the senior population, many individuals are hoping for change.
In fact, legislators are hoping to see HIPAA address emergency health situations for all individuals. Many hope for a provision to rules surrounding public health emergencies like Covid-19. The process of contact tracing at the height of the pandemic raised many questions about what data is fair game during a state of emergency.
Individuals who are not fans of HIPAA cite these issues and more as reasons why change is necessary. Entities that fear retribution are overcautious about following these laws, frustrating patients. The key might be making data more accessible, not less.
New Legislation for a New World
More than anything, Covid-19 has brought to light how adaptable human beings can be. Our infrastructure is immense and allowed patients to continue receiving care without leaving home. Medical practitioners continued to monitor patients because the technology was on their side.
New updates to HIPAA will have to address the reality of the technological landscape and the need for further flexibility. At the same time, the law must continue to keep Protected Health Information safe. It is the only way to ensure that the population continues to feel safe enough to seek medical care.
Lawmakers believe that the flexibility of HIPAA will allow for positive change as we move into the future. Medical establishments are more reticent. They have valid concerns about the burdens of compliance in a world where all the rules are shifting.
Change is coming, whether HIPAA keeps up or not. The hope is that we will be able to strike a balance that keeps everyone safe and accountable.
Compliance in a Changing World
If you have concerns about HIPAA compliance in a changing world, the latest training can help. HIPAA Exams offers easy, accessible online courses that always reflect the latest legislation. The courses ensure that you will remain in compliance, regardless of how the world is changing.
Visit HIPAA Exams today to browse the IACET-accredited course offerings. Bulk pricing is available to help get your entire office back on track. You’ll be ready for whatever the world or the law throws at you.