HHS to the rescue?

With all the news about Covid-19 and the outright hysteria (warranted or not) gripping the nation and the globe, I thought it would be a good time to share some positive news on the healthcare front.

Yesterday, the Department of Health and Human Services announced two new final rules regarding patient access to their medical records. The rulings make health insurance companies responsible for making this happen. That's in contrast to the efforts of past administrations to require electronic health records (EHR) companies (who had zero incentive to do this) or the health information exchanges created by the Affordable Care Act to provide that information. Unfortunately, a few companies hold 80% of all of our medical records, and they decided it wasn't in their best interest to share, so they didn't, and here we are today. The state of interoperability has been a dismal failure, and we, the patients, have suffered as a result.

The new rulings, by contrast, do an end-around on the major healthcare data stakeholders and instead put the burden on the health insurers themselves. This is such a natural fit it defies logic it wasn't the approach taken years ago. Health insurers have a vested interest in keeping their patients informed and engaged, and what better way to do that than to become the conduit for patients to the care community.

It's going to be a bumpy road, to be sure. There are heavyweights in this fight with large lobbying budgets, and they're not going to roll over without a fight. However, insurance companies (public and private) hold the purse strings that feed the healthcare industry, and if they tell a major medical center to give them access to additional patient records per the legal requirement or you won't get paid, watch how fast Cerner and Epic fall in line.

I don't think I'm alone in dreaming of the day when our medical records are as available to us as our financial information is. For those of you who know me well, you know I left the finance industry and entered healthcare to help make this happen. Over the past 20 years, I've invested heavily to facilitate that end - including jumping into HIPAA compliance to help organizations protect this valuable information so it can be shared safely and securely and with public support. The end game is this - better, more informed care for all of us.

I am hopeful and optimistic that this maneuver around the current roadblocks will accomplish the goal of more informed patients and care providers. If successful, this effort will bend down the cost curve and increase quality outcomes in a relatively short period of time.

If you'd like to read the announcement, here's the link: https://www.hhs.gov/about/news/2020/03/09/hhs-finalizes-historic-rules-to-provide-patients-more-control-of-their-health-data.html. If you can't tell, I'm passionate about this issue and have been for a long time. I lost two people I love because their providers didn't have the information they needed for their care. I'm happy to share their story and the role we've played in solving this problem if you'd like to hear it, just call.

Be careful what you click on, wash your hands, don't touch your face, and don't sneeze on your neighbors (that's just rude anyway)!


If you have any questions or if you are concerned about your organization's cybersecurity, give us a call at (800) 970-0402. We'll be happy to help.


For more HIPAA information, download our ebook - The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.