Possible Changes to HIPAA – What’s this RFI All About (A Summary)

January 14, 2019

Over the past month, I’ve been tweeting and blogging about possible HIPAA changes that may be in store after the OCR (Office for Civil Rights – HIPAA enforcers) published a Request for Information (RFI). With the deadline for comments about a month away (February 12, 2019), I thought I’d distill the information into a bit of a summary – a sort of tl;dr version of my last 5 posts.

I’d encourage anyone interested in your healthcare privacy rights to read over the information here. I’ve suggested questions at the end of each section for you to consider and will follow up in my next post with how you can submit comments on the RFI.

What is this RFI?

This is NOT a chance to comment on everything we don’t like about HIPAA. While we all know there are many places where HIPAA can be improved, this RFI is about 5 specific areas of HIPAA. The OCR has proposed very specific questions in each area for people to answer and those are what they want feedback on (those questions can be found here).

The 5 areas include:

  • Sharing information between doctors
  • Sharing substance use and mental health information with friends and family
  • Accounting of Disclosures
  • Notice of Privacy Practices
  • HIPAA “burdens” that prevent policy goals around Value-Based Care

There’s a lot here and you certainly don’t have to address every part of the RFI. You can pick and choose what is most important to you.

The rules they are interested in are primarily part of the HIPAA Privacy Rule found at 45 CFR 164, Subpart E (for the nerds who would like to catch up on the current language). In each of my previous posts I’ve taken these areas one by one and answered the questions in detail. I’ve given background on why they matter, examples of how they work now, and concerns as to why and how potential changes will harm patients.

To be clear: Changes suggested in each part will hurt patients.

Read the rest of this entry »


HIPAA and Trust

August 31, 2017

The last line of my article on privacy and security in the cloud for IBM reads:

Ultimately, responsibility is important not only for HIPAA and HITECH compliance but also for ensuring trust. A doctor entrusts a BA with critical information shared by patients who have divulged their most intimate details and whose EPHI [electronic personal health information] might be stored in the cloud. If their EPHI is compromised, patients might lose trust in their doctors and consequently their care might be put at risk. Thus, the significance of HIPAA and HITECH goes beyond law. EPHI is not merely data; it represents individuals, their health, and their lives.[1] (ital, bold added)

It’s not exactly the line you’d expect to see in a technology publication but it was important to me that the article end with the reason why HIPAA is important, a reason that is often forgotten or in the least neglected by providers tasked with following the law – trust.

The privacy and security provisions in HIPAA are ultimately about trust.

Read the rest of this entry »


Healthcare Does Not Have a Problem With Silos

August 3, 2017

Healthcare does not have a problem with silos.

In fact, there are no silos in healthcare; there are only boundaries.

If we truly want to change healthcare, we need to break boundaries.

Read the rest of this entry »


The Problem with Medicare QMB Administration

March 29, 2017

I find it ironic that before I became disabled, one of my last jobs was teaching social workers and doing outreach to the public about Medicare Savings Programs (MSPs) and now I rely on them.  If the government hadn’t funded a grant for me to do this outreach, I might never have known this program exists.  Problem is, most doctors, hospitals, politicians, and even the Medicaid offices that administer them don’t understand them at all which limits my access to care at times.  Not to mention, most don’t know that their low-income Medicare patients could qualify for them.

The Medicare Savings Programs are a great resource for those who are poor and need medical assistance.  The problem is, they shouldn’t be administered by the states through the state eligibility offices with Medicaid.  This current set up confuses providers, creates huge burdens on patients, and adds stress to an already broken system with subpar tools and resources.  But because it is administered along with Medicaid, as if it’s Medicaid, I’m subjected to this system, one that already already makes me feel like a burden, one that takes away my dignity as I try to simply get by.  And unfortunately, it’s never going to get better.

Read the rest of this entry »


The Real Access Issues

May 6, 2016

Recently, the diabetes online community has been in a bit of an uproar over United Healthcare’s decision to name the Medtronic insulin pump as the preferred pump for all on its plan.  #MyPumpMyChoice and #DiabetesAccessMatters are added to every tweet on the issue as people debate choice in health care, health care costs, and access to healthcare in general (though mostly around tech – i.e. insulin pumps).

For some time now I have been rather frustrated with the larger issues of access, the ones that don’t get talked about as much and don’t have popular hashtags, the ones that aren’t sexy but are often more critical.  And those include basics like access to dental care and eye care and mental health care – (and I know this will piss many off) but what I think are the real access issues.

Read the rest of this entry »


I Am Them

September 6, 2014

My friend Carolyn Thomas posted an open letter I wrote on her website Heart Sisters.  As a result, Medicine X asked me to participate in their conference this year and presented my reading a shorter version – video below.

“Dear Medicine X Conference organizers, Read the rest of this entry »


Why EMTALA Still Matters But Isn’t Enough

March 17, 2014

Last week I talked about my experience in the hospital that was Not Meant to Be.  Among the many issues was an overarching theme of access to healthcare.  As I said before, only by the grace of the passage of EMTALA (the Emergency Medical Treatment and Labor Act) passed in 1986, was I able to get the care I needed.

EMTALA requires Medicare-participating hospitals that offer emergency services to provide medical screening examination and stabilizing treatment for patients with emergency medical conditions regardless of an individual’s ability to pay.  EMTALA is incredibly important for the uninsured, but it isn’t enough. Read the rest of this entry »


%d bloggers like this: