HIPAA Compliance Proposed Changes

Mitigate Compliance Discrepancies and Maintain Revenue

Maintaining data integrity is one of the foremost concerns of medical practices. A data breach or other such violation of HIPAA regulations results in huge financial penalties, permanent brand defamation and, worst of all, loss of patients trust in your practice. AltuMED understand the seriousness of this requirement and is HIPAA compliant. Not only will we maintain all aspects of your RCM processes in compliance with HIPAA security regulations but will advise on making your practice, a HIPAA complaint entity too. The data we obtain while working with our clients is processed with keeping the compliance requirement under check. Each of our client is made to sign the HIPAA agreement thus mitigating any discrepancy. In order to keep true on our promise, we keep firm eye on the industry changes in this regard.

Changes Proposed to the HIPAA Privacy Rules

The Department of Health and Human Services (HHS) has proposed changes to the HIPAA Privacy Rules. The purpose of these changes is to support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the health care industry.

“Our proposed changes to the HIPAA Privacy Rule will break down barriers that have stood in the way of commonsense care coordination and value-based arrangements for far too long,” said HHS Secretary Alex Azar. “As part of our broader efforts to reform regulations that impede care coordination, these proposed reforms will reduce burdens on providers and empower patients and their families to secure better health.

Among the features of the proposed changes are:

  • Greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises.
  • Enhance flexibilities for disclosures in emergency or threatening circumstances, such as the opioid and COVID-19 public health emergencies

In addition to enhancing patient access to health information the proposed rule will reduce the burden on physicians when sharing information with other care providers. These changes are intended to enhance co-ordination of care and allow care givers to develop new ways to innovate.

Some of the more interesting features of the proposed rule that will have a direct impact on providers are:

  • Shortening covered entities’ required response time to no later than 15 calendar days (from the current 30 days) with the opportunity for an extension of no more than 15 calendar days (from the current 30-day extension).
  • Reducing the identity verification burden on individuals exercising their access rights.
  • Requiring covered health care providers and health plans to respond to certain records requests received from other covered health care providers and health plans when directed by individuals pursuant to the right of access.
  • Specifying when electronic PHI (ePHI) must be provided to the individual at no charge
  • Clarifying the scope of covered entities’ abilities to disclose PHI to social services agencies, community-based organizations, home, and community-based service (HCBS) providers, and other similar third parties that provide health-related services, to facilitate coordination of care and case management for individuals.
  • Replacing the privacy standard that permits covered entities to make certain uses and disclosures of PHI based on their “professional judgment” with a standard permitting such uses or disclosures based on a covered entity’s good faith belief that the use or disclosure is in the best interests of the individual. The proposed standard is more permissive in that it would presume a covered entity’s good faith, but this presumption could be overcome with evidence of bad faith
  • Expanding the ability of covered entities to disclose PHI to avert a threat to health or safety when a harm is “serious and reasonably foreseeable,” instead of the current stricter standard which requires a “serious and imminent” threat to health or safety.
  • Eliminating the requirement to obtain an individual’s written acknowledgment of receipt of a direct treatment provider’s Notice of Privacy Practices (NPP).
  • Requiring covered entities to post estimated fee schedules on their websites for access and for disclosures with an individual’s valid authorization6 and, upon request, provide individualized estimates of fees for an individual’s request for copies of PHI, and itemized bills for completed requests.

This is only a proposed change but there are many aspects that are expected to make it into the final rule. As with any proposed change, you should not take any action at this time, but it is important that you be aware of these changes and be ready when the final rule is published.

AltuMED can assist you in:

Enhancing Profits

Non-compliance costs more than twice the cost of maintaining or meeting compliance requirements. The average cost for organizations that experience non-compliance problems is $14.82 million, a 45% increase from 2011. Proactively handling such requirement is made foremost priority at AltuMED. Understanding the dire HIPAA regulations and maintaining them since last 10 years of practice without any hiccups enables us to maintain smooth running of operations in this ever evolving RCM healthcare landscape, enhancing revenue inflows and mitigating losses.

Data Managing Practices

AltuMED Billing Software is built as per HIPAA regulations therefore cannot be hacked by outside. Moreover, patient data being processed in the system is coded and kept secure. Every team member using it, is made to sign the HIPAA agreement, undertaking the data security clause with severity. AltuMED understand that to maintain compliance, teams need to integrate, respect and understand each other roles i.e. a finance member need to be in liaison with a person from clinical side to completely maintain the requirement. AltuMED therefore offers respective trainings to meet this gap.

Building Patient Trust

AltuMED through its technologically advanced systems allow practices to maintains clear and open communications with each of their patients through portals, this transparency instills trust on their part and allow them comfort to maintain business with your practice

Helping you attain the "HIPAA Compliant" Stature

AltuMED is HIPAA compliant and partnering with us to cater to your RCM processes will allow you a stress free practice where you can focus on giving 100% to your patients. Our team of experts will not just handle your processes as per compliance requirement but will also strive to make your practice attain the "HIPAA compliant" stature. We take you through the requirements step wise and will be monitoring any fall through proactively, taking timely actions to lessen any harm to your practice in terms of time, trust, resources or revenue. We strictly maintain compliance requirements and therefore are capable of ensuring that you maintain it too with all your processes and systems.