Tuesday, 27 October 2020

Federal Government Seeks YOUR Input on HIPAA

In December, the Department of Health and Human Services released a Request for Information (RFI) on the Health Insurance Portability Accountability Act otherwise known as HIPAA. The RFI is basically asking that YOU (any interested human or group of humans) provide input on how the government should make changes to this law.

HIPAA is the federal law that prohibits sharing of your personal health information between providers without your express knowledge and permission. It also requires various safety measures to help keep your personal information safe.

HIPAA is already something that gets violated all the time in the mental health system. Providers discuss personal information with people (or even worse, with people’s assigned staff supporters) in or too near to waiting rooms on a regular basis. Some mental health providers have people working in cubicles that do not provide enough privacy, and where anyone within earshot will be able to determine personal things about someone else even when the conversation is taking place over the phone (and the person on the other end has no idea that parts of their personal information might be overheard by people in the vicinity). Co-workers unnecessarily identify people by name to other co-workers (from different programs and who weren’t in a position to need to know personal things about them) during meetings under the guise of getting support that clearly could have been gotten without disclosing the person’s identity. People are convinced they have to sign releases of information they didn’t actually have to sign in order to get services or retain provider relationships. Far too many providers who have friendly relationships with one another get careless about protecting people’s information when they’re talking to each other.

Yes, HIPAA is already violated quite regularly in dozens of small ways, and without consequence most of the time. And now, the government is specifically seeking input on further weakening privacy protections.


Why is the federal government considering weakening HIPAA privacy protections? Here’s a brief excerpt from an article published on December 12th on the Health and Human Services website:

HHS developed the HIPAA Rules to protect individuals’ health information privacy and security interests, while permitting information sharing needed for important purposes. However, in recent years, OCR has heard calls to revisit aspects of the Rules that may limit or discourage information sharing needed for coordinated care or to facilitate the transformation to value-based health care. The RFI requests information on any provisions of the HIPAA Rules that may present obstacles to these goals without meaningfully contributing to the privacy and security of protected health information (PHI) and/or patients’ ability to exercise their rights with respect to their PHI.

Many groups have complained—and complained loudly— about HIPAA preventing them from getting the                     information they need. Family advocacy groups, for example, host many vocal parents who wish to be able to get information more easily on their adult children. However, the people complaining are rarely the people who are getting the treatment themselves, at least where people in the psychiatric system are concerned. (HIPAA applies to all treatments deemed “medical” in nature, including when someone has had a heart attack, has been in an accident, etc.) In addition to asking the public to give feedback on how HIPAA has been working and/or should be changed, Health and Human Services department is also seeking input on the following (in their own words):

  • Encouraging information-sharing for treatment and care coordination
  • Facilitating parental involvement in care
  • Addressing the opioid crisis and serious mental illness
  • Accounting for disclosures of PHI for treatment, payment, and health care operations as required by the HITECH Act
  • Changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices

Although the article on the Health and Human Services website says comments are due by February 11, the RFI document itself says that they must be in on or before February 12.

The RFI is Docket ID number HHS-OCR-0945-AA00 and can be viewed HERE.

Responses can be submitted by hand or mail to U.S. Department of Health and Human Services, Office for Civil Rights, Attention: RFI, RIN 0945-AA00, Hubert H. Humphrey Building, Room 509F, 200 Independence Avenue SW, Washington, DC 20201.

They can also be submitted on-line by clicking HERE and searching for Docket ID number HHS-OCR-0945-AA00.

Many advocacy groups are filled with retired people or people in paid roles who have a great deal of time to write letters, make phone calls, and oversee coordinated advocacy campaigns. We do not have that, so it’s all the more important that each of us take responsibility for responding each time one of these opportunities come up. The Western Mass RLC will be submitting a response that includes feedback on the importance of privacy, and how “care coordination” can’t become an excuse for taking away even more of people’s choice and power. We will be speaking to how much the loss of power can, in fact, contribute to keeping people “sick”. We will also be speaking to the government’s responsibility to do better in making space to hear from people getting these services at least as loudly as their parents, and noting how difficult these processes are to even know about or access, especially for people most directly impacted. What do you have to say? Let them know!



Registration & Login for Website Users