The landmark 1996 Health Information Portability and Accountability Act (HIPAA) is back in the news. The Trump administration is exploring the possibility of easing some of these requirements. HIPAA mandates could unnecessarily impede the sharing of health information between care providers and patient’s family members.
Discussions to Ease Sharing Regulations
In December 2018, the Office for Civil Rights put forth a request for information (RFI) on the possibility of modifying HIPAA and HITECH mandates. The paper describes certain parts “that limit or discourage coordinated care among individuals and covered entities (including hospitals, physicians, and other providers, payors, and insurers), without meaningfully contributing to the protection of the privacy or security of individuals’ protected health information.” The period for comments officially closed yesterday on February 12th.
The RFI describes concerns over how HIPAA regulations have stifled the sharing of patient records between providers. “Some HIPAA covered entities have expressed reluctance to share this information for fear of violating HIPAA.” Also, the paper expresses a concern over intentional delays or withholding of patient records from one covered entity to another since HIPAA doesn’t mandate the transfer be made in a 30-day period as it requires with requests from the patient themselves.
In a letter published last week, Senator Ron Wyden, D-Ore., and Senate Health, Education, Labor and Pensions (HELP) Committee Ranking Member Patty Murray, D-Wash. cautioned the administration in lessening these important privacy regulations. They called taking such actions a “dangerous approach” that could lead to patients foregoing treatment entirely.
Protecting Electronic PHI
None of these proposed changes will affect the HIPAA mandates that require strong protection of personal health information (PHI). Healthcare entities must safeguard all electronic PHI, either through encryption or other methods, both at rest and in transit. A huge piece to HIPAA compliance is protecting external email communications. These must be protected via encryption in-transit, and stored encrypted at the recipient’s end. Implementing strong security for these communications allows health care entities to safely and confidently share patient information with other providers, the patient and their family members. As a result, patients receive better care overall by allowing for faster and easier exchanges of health information.
GlobalCerts’ Securemail Gateway solution utilizes a pull-based ‘SecureMessenger’ delivery system, which delivers secured email over a branded HTTPS encrypted web portal, direct to the patient or healthcare provider’s computer or smartphone. The SMG stores secured emails with military grade AES-256 encryption in the sender’s environment. The sending organization is always in the complete control of the email. Messages are automatically deleted after a specified lifetime, or on-demand by the SMG administrator.