Part B News: Lisa Munoz Discusses ONC Regulations on the Protection of Patient Data
In an article published by Part B News, Partner Lisa Munoz is quoted discussing the implications of new Office of the National Coordinator for Health IT (ONC) regulations regarding the protection of patient data.
While some HIPAA flexibilities have been enacted in response to COVID-19, HIPAA security and privacy rules still require that patients’ protected health information (PHI) remains safe from unauthorized viewing.
The new ONC rule, going into effect on April 5, 2021, will affirm the patient’s right to have their PHI sent where they want and in the format of their choice and communicate that a failure to send this information is a HIPAA violation.
“The rule is meant to [change] a ‘may share information’ to a ‘must share information’ approach unless there is an exception,” Munoz says. “While this rule is really meant to provide better communications and data sharing among health care providers in an effort to provide the patient with better care coordination, it also further supports the patient’s right to access their medical records as protected by HIPAA.”
While patients are free to request that their information be sent electronically, providers should implement protocols to protect themselves from mistakenly breaching patient information and violating HIPAA. A covered entity must obtain the patient’s written authorization for any disclosure of PHI “that is not for treatment, payment, health care operations or otherwise permitted or required by the privacy rule,” Munoz says. The patient’s HIPAA rights are implicit, and the release authorization is “not a blanket release of any privacy rights and does not relieve the provider of the responsibility to protect that information.”
Subscribers may access the full article online here.