Benefit Comply, LLC’s Post

This week, HHS-OCR published a Final Rule amending HIPAA to provide additional privacy protections for patient health information related to reproductive health care. HHS Secretary Xavier Becerra commented on the policy goals of the new regulations: "Many Americans are scared their private medical information will be being shared, misused, and disclosed without permission. . . . Today’s rule prohibits the use of protected health information for seeking or providing lawful reproductive health care and helps maintain and improve patient-provider trust that will lead to improved health outcomes and protect patient privacy." The Final Rule goes into effect on June 25 and the first compliance date is December 23, 2024. Impacted healthcare providers will need to review their current processes and update their policies and procedures to reflect the new requirements. The Rule requires healthcare providers (and other regulated entities) to obtain written attestations prior to making certain disclosures of patients' reproductive health information. It also requires healthcare organizations to update their Notice of Privacy Practices to put patients on notice of the enhanced protections. See the link below for additional information on the new requirements. https://lnkd.in/eYS-KWkK

In late April, the HHS Office for Civil Rights (OCR) issued a HIPAA privacy rule to bolster reproductive health care privacy. What exactly is the rule and what does it mean for your health plan? Check out the latest blog by Andrew Silverio, Esq., The Phia Group’s Director of Consulting Services, “HIPAA Final Rule Protects Access to Reproductive Healthcare,” to find out.

Attention all Compliance Officers, women's health clinicians, and health information management/medical records professionals! A new Final Rule has been announced by the HHS Office for Civil Rights to strengthen privacy protections for medical records pertaining to lawful reproductive health care. Please note the new attestation requirement and the need to revise your organization's Notice of Privacy Practices (NPPs) to support reproductive health care privacy. The Final Rule also requires revisions to NPPs to address proposals made in the Notice of Proposed Rulemaking for the Confidentiality of Substance Use Disorder (SUD) Patient Records (“Part 2 NPRM”),5 as required by or consistent with the Coronavirus Aid, Relief, and Economic Security (CARES) Act of 2020. Here's a link to a fact sheet from the OCR. #compliance #healthcare #complianceofficers #privacy #healthinformationmanagement #reproductivehealth #TitleX #womenshealth #ocr #hipaa #hcca #AHIMA https://lnkd.in/eYcjHsf7

New HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule strengthens privacy protections by prohibiting the use or disclosure of protected health information (PHI) by a covered health care provider, health plan, or health care clearinghouse (Covered Entity) or their business associate for either of the following activities: To conduct a criminal, civil, or administrative investigation into or impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care, where such health care is lawful under the circumstances in which it is provided. The identification of any person for the purpose of conducting such investigation or imposing such liability.  The effective date of the Final Rule is June 25, 2024. This is the date that HIPAA covered entities and their business associates may begin implementing the new requirements. Covered entities and business associates are not required to comply with the new requirements until December 23, 2024, except for the new changes to the HIPAA Notice of Privacy Practices which has a compliance date of by February 16, 2026. https://lnkd.in/eyKpKC9S

🔒 Ensuring Privacy in Reproductive Health Care: HIPAA Final Rule Update The recent Final Rule issued by the U.S. Department of Health & Human Services (HHS) under HIPAA brings significant changes to safeguard reproductive health care privacy. Companies in the healthcare sector must take note and adapt their practices accordingly. Key highlights include: 🚫 Prohibition: Strengthened privacy protections prohibit the use or disclosure of Protected Health Information (PHI) for investigating or imposing liability related to reproductive health care. 📝 Attestation: Covered entities are required to obtain a signed attestation for certain PHI requests potentially linked to reproductive health care, ensuring compliance with the prohibition. 📑 Notice of Privacy Practices (NPP): Companies need to revise their NPPs to support reproductive health care privacy as mandated by the Final Rule. 👮 Disclosures to Law Enforcement: Clarifications are provided regarding permissible disclosures to law enforcement, emphasizing compliance with Privacy Rule conditions. Understanding and implementing these changes is crucial for companies to uphold patient privacy rights and comply with regulatory obligations. Learn more about the Final Rule Fact Sheet here https://lnkd.in/dmkdE8SH #HIPAA #HealthcarePrivacy #Compliance #ReproductiveHealthCarePrivacy#PHI#Dataprotection

The Office for Civil Rights at the U.S. Department of Health & Human Services has published a final rule that modifies the Standards for Privacy of Individually Identifiable Health Information under HIPAA regarding protected health information concerning reproductive health. This Covington & Burling LLP blog looks at the implications for regulated entities. https://okt.to/GLXeD4

HHS combined elements of three pending proposed rules into one Final Rule, which significantly changes reproductive health care, increasing patient privacy and shielding providers from liability. The Final Rule also finalized modifications to regulations around substance use disorder medical records, known as "Part 2 regulations," and changed the Notice of Privacy Practices for all covered entities. Some proposed modifications we were expecting to see finalized were not included but likely will return later. Federal law limits HHS to modifying a standard or implementation specification once every 12 months, so we'll look for those changes next year. #HIPAAPrivacyRule #HIPAACompliance #HIPAAChecklist

All HIPAA-regulated entities must now comply with the HIPAA reproductive health information privacy final rule. The compliance deadline is today: https://lnkd.in/e4jf9G_a

If you are a HIPAA covered entity or business associate, a new rule targeted at protecting reproductive health care information requires broad changes to how you respond to most third party requests for health care records—and other changes.

How's the implementation of the Privacy Rule to Support Reproductive Health Care (RHC) going for the health care industry (compliance date 12/23/24)? A few key points that I didn't find specifically in the many webinars I attended and articles I read about the Rule: If a signed Authorization is obtained with the request, the Attestation is not required. Keeping in mind, the 4 categories of requests that require an Attestation, generally do not require an Auth under the Rule (health oversight activities; judicial/administrative activities; law enforcement requests; and request from coroners/medical examiners). Also, it may be helpful to reach out to the coroner/medical examiners you generally work with to see how they are handling the Attestation requirements as HIPAA compliance is something they never had to deal with before (perhaps confidentiality in general but not HIPAA). We created an Attestation from the OCR Model in an electronic fillable form to make it easier to obtain the completed form when required. https://lnkd.in/gEh_ZPY8