Get ready to comply with strict new privacy regs [or pay big fines]

Four PHI Rule Changes Coming in 2022

New rules from the Health and Human Services (HHS) department put stricter guardrails on how and when healthcare organizations provide access to information. These rules will necessitate new procedures and practices to comply. Here’s is a rundown of the most significant rule changes.

1. A tougher new response deadline

Just about a year ago, on December 20, 2020, OCR issued a Notice of Proposed Changes. A public comment period ended this past February, and new rules are now ready to kick in.

One creates more urgency for you to fulfill requests. It cuts response time to information requests in half – from 30 to just 15 calendar days.

It’s just one more sign that HHS takes response time very, very seriously. Indeed, its Office of Civil Rights investigated 25 patient complaints in 2021 – and nearly all involved delays in making information available to patients.

2. Increased transparency

Another new reg is far less severe but requires some thought and work on your part. It gives patients the right to review their Personal Health Information (PHI) in person, take notes, and make photographs. Which raises several questions:

  • Where will these reviews take place? Will it be in your Records department? In doctors’ offices? In that patient’s home? Some of the above? All of the above? Healthcare organizations will have to that sort out. 
  • How? You’ll have to consider format. If on paperhow do you get the PHI printed out and delivered? If as an Electronic Health Record (EHR), what must you do to help patients uncomfortable with computers access and read it? 

3. Greater disclosure

You’ll have to be more up-front about charges. New regulations require you to make the following updates on your web sites:  

  • Post estimated fee schedules for authorized access and disclosures 
  • Post individual estimated fees for requested PHI copies 
  • Provide itemized bills for completed requests 

The first two are one-time changes, and the third can be automated. 

One disclosure you’ll no longer have to make is printed pieces spelling out your privacy policies. You’ll no longer need to have another form for patients to sign acknowledging that you’ve offered them. 

4. More electronic information sharing 

When patients request you to share PHI with another healthcare provider or health plan, you can do it in an EHR instead of on paper. 

Prepare yourselves 

Ready or not, those new privacy regulations are here. So prepare yourselves:  

It’s better for your patients’ health, and your organization’s. 

How is your healthcare organization keeping up with regulatory changes like these? Read more about our regulatory monitoring process or schedule a demo.  

Jerry Shafran is the founder of YouCompli.

Subscribe for healthcare regulatory updates.

Sign up for demo
Request a demo of the YouCompli solution.