The Massive Costs of a Proposed HIPAA Rule

The Massive Costs of a Proposed HIPAA Rule

March 18, 2023

The U.S. Department of Health and Human Services (HHS) decided to finalize the “Notice of Proposed Rule Making,” which was first issued in January 2021. The said rule change aims to reduce the administrative burdens of healthcare providers, including the costs of sharing health information.

proposed hipaa rule change

The Proposed HIPAA Rule Change

This proposed HIPAA rule change will make several changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to strengthen the patients’ right to access their health information. Furthermore, the NPRM will also remove barriers to coordinated care and facilitate the involvement of family members and caregivers when treating individuals during emergency situations.

Financial Burden of the Proposed Rule Change

According to a study conducted by Hemming Morse, the proposed rule change will force healthcare providers to shoulder the costs amounting to $1 billion annually. This could burden most hospitals, like those in rural areas that lack funds to continue their operations. Due to the proposed change, many hospital executives will find it difficult to include this new expense in their 2023 budgets.

Initially, these requests come at little to no cost to patients and providers. Before the proposed rule change, the requestors who access medical records for commercial purposes subsidized the fees. However, with the proposed amendment, third parties will pay lower than usual, and the excess amount will be passed on to providers and patients. As a result, these third parties will become more confident to request as many records as they like.

The policy change is expected to increase medical record requests, which could reduce processing times and increase waiting lines. This could eventually overwhelm the hospitals, resulting in overworked health information management staff.

The Massive Costs of a Proposed HIPAA Rule

Impact on Patient Care and Hospital Closures

Hospitals may face the burden of dealing with thousands of patient record requests. On top of that, they will need more healthcare staff to process these requests. Due to a lack of funding and staffing, providers could compromise thousands of patients who need urgent care and assistance.

As providers face the difficult decision to cut their annual budgets, they might also reduce their community outreach programs. Since they need to save their money and resources for this proposed rule, healthcare organizations might also stop doing innovative projects to make way for this change. Instead of investing in new facilities and equipment, hospitals may even end up closing their doors due to bankruptcy.

Increased patient record requests can eventually lead to more hacking incidents and data breaches. To ensure HIPAA compliance, healthcare providers must follow a step-by-step process to get patient consent and prevent unauthorized access. But due to the increasing demand, they couldn’t possibly handle these requests all at once, which could compromise data privacy and risk the security of sensitive patient information.

The Massive Costs of a Proposed HIPAA Rule

Timeline and Prioritization of the Proposed Rule

The Notice of Proposed Rulemaking may have been issued back in January 2021, but the final action on the proposed rule occurred last March 2023. To comply with the new requirements, healthcare providers and professionals must take important steps to start the transition. The advance notice gives them considerable time to assess and develop their current processes according to the proposed rule change.

Whenever the final rule is published, covered entities will have 240 days after the publication before the start of the implementation. However, it’s crucial to start preparing as early as now to know how to address the challenges once the final rule takes effect.

Here are five steps to prepare for this new rule:

1. Review the proposed changes

Start familiarizing yourself with the HIPAA privacy policies and identify the gaps in your current processes. Assign a privacy officer who will take charge of the HIPAA implementation. Your assigned staff members will be responsible for making necessary changes to the policies and procedures based on the final rule.

2. Prepare to implement the new Notices of Privacy Practices (NPPs)

According to the proposed HIPAA rule, there will be a revised NPP header regarding how individuals can access their medical records. Covered entities must know how to implement these changes, especially when working with third parties.

3. Identify what process changes need to occur

The final rule would reduce the allotted time (from 30 to 15 days) for covered entities to respond to individual PHI requests. Moreover, providers will need to provide patients and authorized individuals with faster access to their medical records.

4. Begin planning on how you will charge fees

As early as now, covered entities should review the amended charges in the proposed rule. Providers must post fee schedules on their websites and provide fee estimates for individuals requesting copies of their PHI.

5. Assign someone to monitor final rule developments

HHS may post final changes to the proposed rule at any time. Covered entities must regularly check the OMB’s regulatory agenda to see any changes. Make sure to subscribe to regulatory updates from HHS to get notified once the rule becomes final.

Challenges Ahead After This Proposed HIPAA Rule Change

One of the biggest challenges of this proposed HIPAA privacy rule change is the staggering operational and financial burden on healthcare providers and hospitals. Lack of funds and resources may also force hospitals to cut their budget for patient care services to focus on meeting the new requirements.

On top of that, hospitals will also need to hire more staff to deal with the overwhelming medical record requests. As a result, healthcare providers will face significant losses due to HIPAA rule changes. Hospitals will need to process and pay for tons of record requests. Moreover, the increased workload could lead to burnout among healthcare professionals, affecting the overall quality of patient care. Ultimately, this will lead to hospital closures and limited access to health care services.

Kent CaƱas

Kent is a content strategist currently specializing in HIPAA-compliant online fax. Her expertise in this field allows her to provide valuable insights to clients seeking a secure and efficient online fax solution.

More great articles
Unauthorized Access Disclosure: Breach Reporting, Prevention Best Practices
Unauthorized Access Disclosure: Breach Reporting, Prevention Best Practices

This article discusses the importance of unauthorized access disclosure and why it is needed.

Read Story
Is Constant Contact HIPAA Compliant?
Is Constant Contact HIPAA Compliant?

Is Constant Contact HIPAA compliant? Find out the answer here.

Read Story
MOVEit Vulnerability Exposed: Falls Victim to Extortion
MOVEit Vulnerability Exposed: Falls Victim to Extortion

Ransomware groups actively exploited the MOVEit vulnerability to gain unauthorized access to sensiti...

Read Story
Subscribe to iFax Newsletter
Get great content to your inbox every week. No spam.

    Only great content, we donā€™t share your email with third parties.
    Arrow-up