Senate HELP Passes Health Pricing Bill, May Ease HIPAA Enforcement

July 10, 2019

A provision added to the Senate HELP bill aimed at lowering healthcare costs proposes incentivizing providers to bolster cybersecurity and urges HHS to consider their security before making HIPAA enforcement decisions.

The Senate HELP Committee approved its Lower Health Care Costs Act of 2019, which includes provisions that both incentivize healthcare providers to adopt strong cybersecurity programs and urge the Department of Health and Human Services to consider those programs before making HIPAA enforcement decisions.

On Wednesday, the HELP committee passed the proposed legislation by a vote of 20 to 3. While the bill is primarily focused on reducing the amount patients pay out of pocket for healthcare services and providing more transparency about those costs, there are several items that pertain to HIPAA.

Initially introduced in May as the “Improving the Exchange of Health Information” provision of the legislation, the policy would recognize the security practices of healthcare providers and incentivize covered entities to implement strong cybersecurity policies.

Further, the legislation would urge the Department of Health and Human Services to consider a provider’s adoption of those cybersecurity policies and practices when conducting audits or administering HIPAA fines related to potential violations.

The bill in no way provides a safe harbor for all HIPAA enforcements, but it’s aimed at incentivizing healthcare providers to build their security programs based on recognized cybersecurity frameworks, as well as apply security policies beyond HIPAA compliance.

The provision would also mandate that the HHS Office for Civil Rights develop regulations to help its team recognize benchmarks showing when covered entities and business associates have built cybersecurity programs strong enough to merit a reduction of penalties in case of a security incident or breach.

Another provision proposes that the Centers for Medicare and Medicaid require health insurers to make claims data, in-network practitioners, and potential out-of-pocket expenses available to patients through APIs, ensuring “all existing privacy and security protections for patient health data under HIPAA and state laws apply.”

APIs are a key component to several proposed HHS rules, including the Trusted Exchange Framework and Common Agreement and information blocking rule. Congress, security leaders, and other industry stakeholders have all expressed concerns around the API-driven ecosystem.

For the American Medical Informatics Association, the concern is that the privacy, security, and fraud issues that are raised by APIs are far too big of a challenge for HHS to handle on its own.

One of the new provisions passed on Wednesday would attempt to close some of those gaps by urging the Government Accountability Office to assess the privacy and security risks of electronic data sharing of patient health information to and from entities not covered by HIPAA.

The GAO study would be imperative to better understanding the challenges posed by APIs, especially around consumer-based apps used to transmit and store patient data.

It’s important to note that under HIPAA, OCR does already take into account a provider’s security program when applying fines. There are four categories that assess a provider’s accountability after a breach: no knowledge that HIPAA was being violated; reasonable cause; willful neglect, corrected; and willful neglect, not corrected in a timely fashion.

HHS recently moved to reduce the maximum civil monetary penalties for HIPAA violations.

The bill moves to the Senate floor, where Senate HELP Committee Chair Lamar Alexander, R-Tennessee, said he hoped it would be considered next month. Alexander also said he expects other committees will have their own provisions to add to the bill.

Date: July 10, 2019

Source: Health IT Security
