By Jesse Berg and Julia Marotte
The Office for Civil Rights (OCR), the sub-agency within the U.S. Department of Health and Human Services charged with enforcement of HIPAA, recently launched a new tool that is intended to help developers of health care technology understand more about this important law. The idea with this new platform is that developers can post questions and comments about HIPAA privacy and security concerns. This will allow OCR to better understand the barriers that developers face and provide helpful feedback and guidance. The new platform is available here.
The HIPAA Privacy Rule went into effect back in the spring of 2003, long before apps, smartphones, tablets, or Apple Watches were on anyone’s radar. Since that time, HIPAA has changed in several important ways, but it really has not been modified to take into account technology’s ever-growing role in the way health care is delivered. Depending on the kind of technology they offer, and whether patient protected health information (PHI) plays a role in how that technology is used, developers often find themselves facing an unfamiliar and sometimes confusing or counterintuitive set of regulations. Questions that many developers have struggled with in the past include:
New Platform: A Place to Ask Questions and (Hopefully) Get Answers
To try and help developers sort through these and other questions, OCR has created this new platform. The idea is that people can raise questions and provide feedback to questions posed by others. OCR will monitor discussion and use the information to publish guidance from time-to-time to address matters that seem to be of common concern. The identities of all posters will be anonymous to the agency, and OCR helpfully notes that “posting or commenting on a question … will not subject anyone to enforcement action.” OCR explains that it wants to hear from the industry about which HIPAA requirements are confusing and what kinds of guidance would be helpful so that businesses can better understand their HIPAA obligations.
OCR has been very proactive about providing guidance to the industry about HIPAA. In recent years, they seem to have redoubled their efforts. This latest platform appears to be a nice way to express concerns and potentially get feedback from others about health care privacy and security matters. Federal agencies have repeatedly said that it is difficult for them to provide guidance to the health care industry when they do not hear directly from those in the industry about the problems encountered in meeting regulatory standards. This tool may be a helpful way to provide feedback to OCR about HIPAA issues that are vexing your organization.
If you have questions about HIPAA or the new OCR platform, please contact Jesse Berg at firstname.lastname@example.org (612.632.3374) or Julia Marotte at email@example.com (612.632.3280).
Gray Plant Mooty is recognized as one of the leading corporate law firms in Minnesota and one of the top franchise firms in the world. Our roots go back to 1866. Today, we are a full-service firm with nearly 180 attorneys and offices in Minneapolis and St. Cloud, Minnesota; Washington, D.C.; and Fargo, North Dakota.