Hot Topics in Health Care May 2023


Proposed Protections for Patient Data Related to Reproductive Care

On April 12, 2023, the Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services (HHS) proposed a new rule to strengthen HIPAA protections related to reproductive health care privacy. The proposed rule is in response to President Biden’s executive order 14076, which directed HHS to assess additional actions, including actions under HIPAA, that HHS can take to increase protections for sensitive patient information related to reproductive health care and bolster patient-provider confidentiality. The proposed rule would strengthen privacy protections by prohibiting the use of disclosure of PHI by a regulated entity for either of the following purposes: 1) a criminal, civil, or administrative investigation into or proceeding against any person in connection with, obtaining, providing, or facilitating reproductive health care, where such health care is lawful under the circumstances in which it is provided; and 2) the identification of any person for the purpose of initiating such investigations or proceedings. This proposal would protect individuals regarding out-of-state investigations if the health care provided is legal in the state where it occurred and also if the health care is expressly protected, required, or authorized under federal law. The proposed rule can be viewed here, and comments are due to HHS no later than June 16, 2023.

Expiration of HIPAA Enforcement Discretion

During the COVID-19 public health emergency (PHE) the OCR issues several bulletins outlining how the agency would apply the HIPAA privacy, security, breach notification, and enforcement rules in various circumstances during the PHE. OCR exercised its enforcement discretion in order to support the health care sector in responding to the PHE, particularly with regard to quickly implementing telehealth capabilities. To coincide with the end of the PHE, OCR announced the expiration of certain enforcement discretion notification. The following OCR notifications expired on May 11, 2023:

Covered entities will have 90 days to come into compliance with the applicable HIPAA rules for their telehealth services. This 90-day transition period will expire on August 9, 2023.

Expiration of OIG Enforcement Discretion

Similarly, the Office of Inspector General (OIG) exercised its enforcement discretion during the PHE and recently announced that two related Policy Statements and FAQs designed to provide flexibility and minimize burdens for health care providers during the PHE will expire on May 11, 2023. The following Policy Statements and FAQs will no longer be in effect and should not be relied upon by health care providers:

Proposed Medicaid Managed Care Rulemaking

On May 3, 2023, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule in the Federal Register that introduces significant changes to existing Medicaid managed care and Children’s Health Insurance Program (CHIP) regulations. This is the most expansive proposed rule regarding Medicaid managed care since CMS’ overhaul of the Medicaid managed care regulations in 2016. The proposed rule addresses a number of areas, including access requirements, requirements with respect to quality, and permissions regarding “in lieu of” services. Additionally, CMS is proposing numerous changes to the State directed payment regulations, which permit States to direct certain Medicaid managed care expenditures within the established regulatory parameters. Since authorizing State-directed payments in its 2016 rule, CMS has seen tremendous growth in the number of states pursuing these programs. States sought CMS approval for 36 State-directed payment programs in 2017, and that number has increased to 298 proposed programs in 2022.

Related Professionals

Related Capabilities

Jump to Page
Arrow icon Top

Contact Us

We use cookies to improve your website experience, provide additional security, and remember you when you return to the website. This website does not respond to "Do Not Track" signals. By clicking "Accept," you agree to our use of cookies. To learn more about how we use cookies, please see our Privacy Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.