HIPAA change alert

A new administration typically brings changes in regulations and requirements. That’s certainly true with this administration, and true of HIPAA enforcement. One potential and welcome change that is currently working its way through the bureaucratic process is the removal of the current requirement to have patients sign off on your Notice of Patient Privacy. The previous head of OCR viewed this requirement as unnecessary, and it appears the current leadership agrees. Hopefully, we will see this change soon. Another area of focus that appears to be retained, and is facing change, is patients’ rights as they pertain to access to their records.

With 14 fines to date in just the past couple of years relating to patient access rights, this has proven to be a problematic area for providers to address. One of the critical proposed changes is to shorten the time a Covered Entity (CE) has to comply with a patient request for records from the current 30 days to 15 days. That’s going to be a challenge for many providers who have not established a streamlined, and preferably automated, approach to handling these requests. 

We encourage you to implement a fail-proof process for meeting this requirement. The best way to do it, in our opinion, is with a patient portal, but one where your records are automatically synchronized. This provides patients with near-real-time access to their records with the only administrative burden being on your staff to provide your patients with the tools to access their accounts. Of course, for many CEs automation is not available. If that’s you, then you need to create a manual process that will address patient requests in a timely and efficient manner.

Of course, we have over 20 years of experience working with medical offices in most areas of information management. If you would like suggestions for your specific situation, please feel free to call us.

Be safe. Thanks for reading.


If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.

For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires each organization to implement a security awareness and training program for all members of its workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.