Birmingham Medical News: OCR Highlights

Articles / Publications

Reprinted with Permission from the Birmingham Medical News

The U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) was hard at work at the end of 2018—emphasizing the active efforts we have seen for the past few years from OCR. Below is a brief summary of some of the recent activity of OCR.

OCR, the entity responsible for compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), is seeking input on how HIPAA can be modified to help promote coordinated, value-based care. Coordination of care has been an initiative of payors for a few years now, but certain aspects of HIPAA sometimes hinder or limit the ability of providers to coordinate care in certain settings or under certain situations. As a result, OCR has received requests from providers to revisit certain aspects of the HIPAA regulations, which were drafted over 15 years ago, to eliminate some of the hurdles preventing coordinated care. “I look forward to hearing from the public on potential improvements to HIPAA, while maintaining the important safeguards for patients’ health information” said Deputy Secretary Hargan. According to OCR Director Roger Severino, “we are looking for candid feedback about how the existing HIPAA regulations are working in the real world and how we can improve them.” In addition, OCR is specifically seeking comments on ways to address the following specific areas:

  • Encouraging information-sharing for treatment and care coordination
  • Facilitating parental involvement in care
  • Addressing the opioid crisis and serious mental illness
  • Accounting for disclosures of PHI for treatment, payment, and health care operations as required by the HITECH Act
  • Changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices

Public comments on ways to improve these areas are due by February 11, 2019. Any provider facing obstacles in any of these areas is encouraged to submit comments to OCR.

OCR also recently released a plain language checklist to assist first responders in providing emergency response and recovery services to individuals with limited English proficiency and/or disabilities. At least 350 languages are spoken in the United States and approximately 15% of adults report hearing difficulties, 8.1 million people are visually impaired, and 32 million adults are unable to read. These factors, combined with several natural disasters in 2018, highlighted the importance of guidance in this area, as federal civil rights laws require that federally funded emergency response and recovery services must be accessible to people with limited English proficiency and people with disabilities. The checklist includes recommendations, specific action steps, and resources to assist first responders in providing language assistance and communicating effectively, addressing how to identify language needs of patients and how to effectively utilize interpreters.

Finally, OCR has been busy enforcing compliance with the HIPAA requirements. A hospital has recently been fined for failing to terminate the remote access of an employee following the employee’s termination from the hospital, resulting in the impermissible disclosure of patients’ protected health information. In addition, a physician practice was fined for disclosing patient information to a medical billing services company without entering into a business associate agreement with the billing company. Moreover, a physician practice was fined when a physician discussed a patient’s health information with a reporter who was compiling a news story on a dispute between the patient and the practice. These enforcement actions highlight the importance of taking proactive steps to protect patient information, e.g., by terminating access to individuals once it is no longer needed or by entering into business associate agreements.
As you can see, OCR was very active at the conclusion of 2018. I suspect that this active trend will continue in 2019.

Download the article, "OCR Highlights" written by Kelli Carpenter Fleming.

Jump to Page

Contact Us

About Burr & Forman Cybersecurity & Data Privacy Law

Burr & Forman's experienced team helps clients navigate the complex cybersecurity and data privacy landscape with strategies designed to assess current risks, develop a corrective action plan, implement best practices, and provide immediate and appropriate responses to a cybersecurity breach.

We use cookies to improve your website experience, provide additional security, and remember you when you return to the website. This website does not respond to "Do Not Track" signals. By clicking "Accept," you agree to our use of cookies. To learn more about how we use cookies, please see our Privacy Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.