HIPAA Updates and HIPAA Changes in 2023-2024!
HIPAA updates and HIPAA changes happen more frequently than many people are aware of because of the nature of the update or because of their minor impact on HIPAA compliance. A major update to HIPAA is long overdue, and steps were taken in December 2020 to address the need for HIPAA changes and HIPAA updates when HHS’ Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking that proposed multiple changes to the HIPAA Privacy Rule.
In addition, there has also been a proposed update to align 42 CFR Part 2 – the Confidentiality of Substance Use Disorder Patient Records regulations – more closely with HIPAA, and proposals to change the conditions under which PHI relating to reproductive healthcare can be used or disclosed. Part 2 and reproductive health changes are expected to be finalized in 2024, while the new proposed Security Rule standards for cybersecurity should be announced in 2024 and implemented in 2025.
We discuss all the HIPAA updates since the inception of HIPAA and this information can be used in conjunction with our HIPAA checklist to understand what is required to ensure compliance.
Major HIPAA Updates in the Past 25 Years
Since HIPAA was signed into law there have been a few major HIPAA updates. The HIPAA Privacy and Security Rules were introduced which limited the uses and disclosures of protected health information, gave patients new rights over their healthcare data, and introduced a set of minimum security standards.
Those HIPAA updates were followed by the incorporation of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which saw the introduction of the Breach Notification Rule in 2009 and the Omnibus Final Rule in 2013. Such major HIPAA updates placed a significant burden on HIPAA-covered entities and considerable time and effort were required to introduce new policies and procedures to ensure continued HIPAA compliance.
There have been two minor HIPAA Privacy Rule changes since 2013 – the first, in 2014, allowed patients to have access to test reports to align the Privacy Rule with the Clinical Laboratory Improvement Amendments. The second HIPAA Privacy Rule change, in 2016, allowed covered entities to disclose PHI to the National Instant Criminal Background Check System.
The most commonly updated section of HIPAA is Part 162 of the Administrative Simplification Regulations. Part 162 HIPAA updates are most often made by CMS to existing standards – for example, the 2020 change relating to Schedule II drug refills. However, a proposed Part 162 HIPAA change expected to be finalized in 2024 could have wider implications. Read more at Hipaajournal.com