
The 2023 HIPAA Privacy Rule Changes and Their Impact on Medical Record Retrieval

The healthcare industry is constantly evolving, and one of the key pillars in this domain is patient privacy.

The Health Insurance Portability and Accountability Act (HIPAA) has been safeguarding patient information and ensuring confidentiality.

As technology advances, new challenges emerge and HIPAA must address the changing landscape.

Several significant HIPAA Privacy Rule Updates will come into effect in 2023.

They will impact various aspects of medical record retrieval.

The HIPAA Changes in 2023

Fundamental changes to the HIPAA privacy rule are:

  • Normalize the electronic health record definition
  • Clarify privacy practices
  • Provide transparency for access fees
  • Reaffirm an individual’s access rights

The electronic health record includes patients' vital health information, their care plans, and transaction information.

The information will not be subject to the rule if it is not stored electronically.

If a provider has information stored in paper records, a standard third-party authorization form is required to grant access.

A healthcare provider will require a written request to access PHI.

Under the new rule, a healthcare provider’s response time is reduced.

Once it goes into effect, providers must act upon the request as soon as possible, and in no more than 15 calendar days.

If the provider explains the reason in detail, a 15-day extension is granted along with a new response date.

This means providers will have to reply rapidly.

The healthcare providers will have to manage and address inefficiencies and the information release process.

The most significant change concerns the cost of electronic records and the effort required to produce an electronic copy.

If an individual requests a copy of their records delivered to them electronically, the provider can only charge a reasonable fee according to the new rule.

Even if the provider sends it through the postal service on a CD, the provider can only charge for the labor component.

The provider cannot charge for

  • Media
  • Envelope
  • Mailer
  • Labels
  • Other expenses

The cost-based fee, limited to labor, will also apply to an electronic copy of an electronic health record directed to a third party.

Providers and information release vendors will not profit from being PHI gatekeepers.

They won’t be able to charge hundreds or thousands of dollars for a PDF file.

The Key HIPAA Rule Changes in 2023

1. Single patient consent for all future uses and disclosures of SUD records for:

  • Treatment
  • Payment
  • Healthcare operations

2. Patients can request restrictions on certain records disclosures and obtain an account of disclosures of their SUD records

3. Expansion of prohibitions on the use and disclosure of Part 2 records in

  • Civil proceedings
  • Criminal proceedings
  • Administrative proceedings
  • Legislative proceedings

4. Part 2 programs must establish a complaints process about Part 2 violations. It should not require patients to waive the right to file a complaint as a condition of

  • Providing treatment
  • Enrollment
  • Payment
  • Eligibility for services

5. The breach notification requirements will apply to Part 2 records, which will come under the HIPAA Breach Notification Rule

6. The Privacy Practices requirements have been updated in the HIPAA Privacy Rule Notice. It addresses the uses and disclosures of Part 2 records and individual rights for those records.

7. The HHS will be able to impose civil money penalties for violations of Part 2, along with HIPAA and the HITECH Act

OCR Requested Changes in HIPAA Rule Through RFI

OCR asked 54 different questions in its RFI. Some of the main aspects under consideration were:

  • The patient’s right to obtain and access their protected health information (PHI)
  • The providers’ response time frame for these requests, which is currently 30 days
  • Eliminating the need to obtain written confirmation from an organization due to privacy concerns
  • Promotion of parent and caregiver roles in care
  • Easing restrictions on PHI disclosures without prior authorization
  • Exceptions to the required PHI disclosure standard
  • Changes were made to the requirements of the HITECH Act for PHI disclosure for healthcare operations, payments, and treatments
  • Information sharing for care coordination and treatment
  • Sharing PHI with other providers has become mandatory according to the change in the Privacy Rule
  • Addressing the opioid crisis and serious mental illness

Is Your Healthtech in Compliance with the Changing Healthcare Regulations?

The need for healthcare IT to be compliant with the regulations is one of the most crucial things in the healthcare industry.

With the changing rules, you will have to ensure that your healthcare IT is ready for the upcoming updates in the healthcare regulations.

If it’s not ready, don’t worry. We’ve got your back.

We’re an Ontario-based healthcare IT company.

We’ve successfully delivered 60+ projects in the past 8+ years.

With our experience of working dedicatedly for the healthcare industry, we can proudly say that we’ve understood and decoded all the healthcare regulations.

If you want your healthcare to be advanced and ready for the future, hit the contact button, and let’s discuss how we can help you get your tech updated and ready for the upcoming changes.