Proposed Changes to HIPAA and the CMS Interoperability Rule

Proposed Changes to HIPAA and the CMS Interoperability Rule

Published: 1/8/2021 – 

While the pandemic has remained the top priority in the U.S. healthcare landscape, it has highlighted the importance of interoperability and the key challenges that exist to coordinated care. The Department of Health and Human Services (HHS) and sub-agency, the Center for Medicare and Medicaid Services (CMS)  recognized these gaps and expedited efforts to resolve them by rolling out two key initiatives. In December, HHS proposed changes to the HIPAA Privacy Rule and CMS expanded the CMS Interoperability Rule to include Prior Authorization.

In an unprecedented act, HHS has proposed significant changes to the HIPAA Privacy Rule. The basis for many of these changes are to increase sharing for covered entities so they will better be able to coordinate care amongst themselves and with patients and their families directly. This has been a key conversation over the past two years as HHS commenced its Regulatory Sprint to Coordinated Care. In this most recent effort, they proposed changes such as allowing patients to take photos of their information, reducing identity verification burdens when requesting a record, clear guidelines for fees that can be charged, and guidance on how covered entities and business associates can work together to meet these requests.

CMS, similarly, released an expansion to their final interoperability rule on patient access by adding in a requirement for Prior Authorization coordination. This is another area that has confounded the healthcare space for years, and CMS has taken on the problem by suggesting the creation of a channel between patients and their payers and payers and providers. The rule expansion would allow patients to see their pending prior authorizations, create a Document Requirement Lookup Service (DRLS), maintain a provider Authorization  Support API, and expand payer to payer requirements.