The recent Nursa article on HIPAA Updates 2023 explains HIPAA (the Health Insurance Portability and Accountability Act), the Privacy and Security Rules, and points out some common violations, critical changes in the 2023 Privacy Rule, penalties for violations, and do’s and don’ts to ensure HIPAA compliance.
This article will address the goals, especially advancing health equity as an underlying reason for changes and new HIPAA compliance challenges.
HIPAA Goals for 2023
2023 is a big year for major updates in HIPAA. In April 2022, the Department of Health and Human Services (HHS) released the final 2023 HIPAA Privacy Rule modifications explicitly stating the following goals.
- Enhancing consumer options and choice
- Standardized health insurance options make the choice more informed and straightforward for the consumer.
- Advancing health equity
- Combatting discriminatory health plan designs with a requirement to address healthcare disparities.
- Reducing verification document requirements for the Special Enrollment Period, thus mitigating the negative impact of this verification on African American and younger consumers and decreasing the overall consumer burden.
- Within the insurance plans, it is increasing the percentage of providers that serve large proportions of the medically underserved population.
- Lowering premiums and strengthening markets
- With an improved risk adjustment program to predict and balance payments for risk across the individual and small group markets
- Enhancing consumer experience
- With a requirement to display explanations for Qualified Health Plan (QHP) recommendations or how these are positioned on Web-Broker Websites to inform the consumers’ selection of the QHPs that best fit their needs
For complete information, you may read the full rule posted by the US Department of Health and Human Services (HHS).
The HIPAA is a federal law establishing national standards for safeguarding health information. HHS issued the HIPAA Privacy Rule to implement the requirements of HIPAA and develops updates that must be applied for HIPAA compliance.
Why Does HIPAA Change?
Awareness of equity issues grows, and information and communications technology is transforming professional settings, including healthcare. HIPAA must stay caught up, even when it may become an administrative burden to healthcare facilities.
Advancing Health Equity
A Deep-seated Motivation to Take on the Administrative Burden of Change
35% of the ECPs Must Be Included in Insurance Plans.
To help populations that have historically encountered obstacles to healthcare, the new ruling raises the Essential Community Provider (ECP) Threshold from 20% to 35%. This means that each insurance plan has to include at least 35% of all available ECPS in the area. ECPs serve large proportions of low-income or medically underserved individuals. QHPs plans offered on the Marketplace must have a sufficient number and geographic distribution of ECPs to ensure reasonable and timely access to a wide selection of such providers for low-income, medically disadvantaged persons in the plans’ service area.
The Nondiscrimination Policy Will be Applied to Health Plan Designs.
Additionally, QHP issuers must address health and healthcare disparities, such as discrimination based on sociodemographic factors, age, or health conditions, as a specific topic within their quality improvement strategy.
Although this is for health insurance issuers, the insights they may find will help healthcare providers discover the hidden structural elements of discrimination and identify changes urgently needed to raise the standard of healthcare equity and effectively combat discrimination in healthcare.
Compliance Challenges in 2023
Information and Communications Technology
Telehealth, which grew 63-fold in Medicare during the pandemic, relies on electronic communication with patients about health information. The widely adopted use of smartphones in hospitals, electronic health records (EHRs), and the digital transmission of protected health information (PHI) all have a bearing on regulations for privacy and security. After finance, healthcare is the industry most targeted by cyber-attacks due to the amount of information with high monetary and intelligence value. Regulations must adapt to protect patients and hospitals from new and mounting threats. See the HHS guidance on how HIPAA rules permit healthcare providers to use electronic communication technologies for audio-only telehealth.
COVID-19 HIPAA Flexibilities Deadline in January 2023
HIPAA telehealth flexibilities that began in response to the COVID-19 Public Health Emergency are scheduled to end. The flexibilities involve changes to Medicare for coverage of telehealth services using smartphones during the pandemic in urban as well as rural areas. The 11th extension sets the deadline for January 11, 2023. Start getting ready now and make your telehealth services HIPAA-compliant in time.
Telehealth health services for diagnosis and treatment using standard communication technologies, regardless of whether or not the services are directly related to COVID-19, do not have penalties under the flexibilities, even if the platforms used are not entirely HIPAA compliant. For example, providers may use Skype (rather than Skype for Business), FaceTime, Google Hangouts Video, and Zoom, but not public-facing platforms for telehealth services, such as Facebook Live and TikTok.
How to Ensure HIPAA Compliance In Your Healthcare Facility
Consider the following tips and a few do’s and don’ts to avoid HIPAA violations, spelled out in a previous Nursa article.
Use an artificial intelligence (AI) solution designed for organizations covered by HIPAA law to take advantage of the speed and space of the cloud without putting PHI at risk of disclosure.
Beware! Make sure your smartphone communications, as well as platforms or networks, are HIPAA compliant. Flexibility may end in January 2023.
Stay on top of the updates, and appoint a competent HIPAA Privacy Officer. This complex, binding, and progressive law defends privacy and equity.
