Medical computers of healthcare groups are filling up with news and discussions of possible new HIPAA rulings going into effect this year. We checked and verified it’s not only true, but the details on what those rules are have been released as well. We cover them today, as well as provide checklists for covered entities on how to prepare for the changes. This includes medical computers and how they continue to help in compliance.

What Are the New HIPAA Changes for 2023? 

Major updates to the Health Insurance Portability and Accountability Act (HIPAA) could be seen as far back as 2020. That was when the Office for Civil Rights (OCR), which is part of the US Department of Health and Human Services (HHS), issued a notice on proposed changes to the HIPAA Privacy Rule. Those changes, “Proposed Modifications to the HIPAA Privacy Rule to Support, and Remove Barriers to, Coordinated Care and Individual Engagement”, were released in January 2021. When these latest HIPAA updates become official (Final Rule), they will affect:

Patients Rights

Patients’ ability to access their medical records has been expanded and simplified.

  • Patients will be allowed to inspect their protected health information (PHI) in person. They will be allowed to take notes or even photos of its contents. 
  • Covered entities (basically any operations involved in the transmission of health information) must now provide patients with access to their PHI in 15 days instead of 30.
  • Parties requesting the transfer of an electronic copy of PHI (ePHI) to a third party will be limited to the ePHI maintained in the EHR.
  • Patients can now have their PHI be transferred to personal health applications like a personal health record. Before, such ability was at the whim of the healthcare group. 
  • Patients must be told when there’s no fee charged for their ePHI request. 
  • Patients and/or involved parties can direct their healthcare providers, health insurers, or both to respond to covered healthcare providers’ and health plans’ requests for certain kinds of records as laid out by the HIPAA Right of Access.

Covered Entities

Covered entities, which range from healthcare groups and providers to medical clinics, are also affected by the latest HIPAA updates.

  • Covered entities will be allowed to disclose a patient’s PHI if “seriously and reasonably foreseeable” harm to their health and/or safety can be avoided. 
  • Covered entities, if they believe in good faith that their actions are in the best interest of the patient, are permitted to make certain uses and disclosures of PHI to support those action(s).
  • Covered entities are required to inform patients and/or involved requestors that they have the right to obtain a copy of their PHI if it’s offered in a summarized version instead of a copy. They must also comply with those patients and/or involved parties’ directions to send such versions to third parties. 
  • Covered entities must post estimated fee schedules on their websites for requesters wanting copies of their PHI.
  • Covered entities will no longer be required to obtain a written confirmation of a Notice of Privacy Practices (NPP) from patients and/or involved parties. 

Other changes include: 

  • Healthcare operations now include care coordination and case management. 
  • The US military has increased latitude in the use of PHI. This includes more details on how to disclose the information.
  • The definition of “electronic health records” has been expanded under the new ruling.

Final Rule

The Final Rule, or when the modified Privacy Rule goes into effect, was originally slated for March of this year. It has yet to take effect at the time of this posting.

All signs continue to show the HHS still plans to make it official this year. Once it’s declared, the true “start” date is 60 days afterwards. Covered entities will then have 180 days after that before the OCR begins to enforce the new rule.

How to Prepare for the Latest HIPAA Updates for 2023

Many covered entities are already preparing for the Final Rule of the Privacy Rule. Steps they’re taking include:

  • Training staff on the HIPAA changes. 
  • Reviewing the current requirements of the Right of Access rule.
  • Preparing for changes to NPPs. These range from creating a new, revised header on the form, to dealing with the third-party patient intake software vendors who provide NPPs to patients electronically.
  • Meeting with EMR companies, off-site cloud storage facilities, and other, similar vendors on dealing with the shortened response time for PHI requests.
  • Planning for the new fee structure for PHI requests.
  • Monitoring the federal government’s Office of Management and Budget (OMB) for when the Final Rule goes into effect. This is usually done by designating a staff member (typically the privacy officer) to keep tabs on the OMB’s website as well as subscribe to the HHS.

Complying with Latest HIPAA Updates using Medical Computers

Medical computers continue to provide benefits in the healthcare sector’s efforts to stay in compliance with HIPAA regulations. A couple of methods include:

Don’t use BYOD

Bring Your Own Device (BYOD) brings a slew of issues to healthcare networks. With regard to HIPAA, most simply break the security rules.

Are the images taken on the provider’s smartphone and shared with colleagues HIPAA-secured? What about the cloud server used to house them? Is it secure with approved software? Even note-taking apps must be HIPAA-verified if used to record patient details. Medical computers and medical tablets have been vetted by healthcare IT to be secure to HIPAA’s exacting standards. 

RFID Readers and Imprivata

HIPAA violations don’t necessarily have to be as sophisticated and/or complex as a cyberattack. Simply allowing the wrong person on-site to obtain a patient’s EHR is enough. Medical computers with built-in RFID and/or CAC readers help to make sure that only authorized personnel with the right cards can access the records. Software like Imprivata Single Sign-On verifies the staff as well as helps keep track of anyone accessing the computer.

Closing Thoughts

HIPAA, which ensures the privacy of patients’ medical records like EHR, is undergoing major changes in 2023. Patient access to their personal health records has greatly expanded, while covered entities have been given more specific directions on how to handle those records and more.

Contact an expert at Cybernet if you’re interested in learning to use a medical computer to stay in compliance with HIPAA’s latest rulings.