The move is just one of many regulatory tweaks being made amid the looming presidential transition.
In a landmark move made amid a flurry of other regulatory revisions affecting the healthcare industry, federal officials announced that they are proposing changes to the Health Insurance Portability and Accountability Act’s (HIPAA’s) Privacy Rule.
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced the proposed changes to “support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the healthcare industry,” the Department said in a press release. The Notice of Proposed Rulemaking (NPRM) is one part of HHS’s Regulatory Sprint to Coordinated Care initiative, which officials said seeks to promote value-based healthcare by scrutinizing federal regulations that hold back providers from making improvements for patients.
The proposed changes include “strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the opioid and COVID-19 public health emergencies; and reducing administrative burdens on HIPAA-covered healthcare providers and health plans, while continuing to protect individuals’ health information privacy interests,” HHS said.
“Our proposed changes to the HIPAA Privacy Rule will break down barriers that have stood in the way of common-sense care coordination and value-based arrangements for far too long,” HHS Secretary Alex Azar said in a statement. “As part of our broader efforts to reform regulations that impede care coordination, these proposed reforms will reduce burdens on providers and empower patients and their families to secure better health.”
OCR is now encouraging comments from stakeholders, including patients and their families, HIPAA-covered entities (health plans, healthcare clearinghouses, and most healthcare providers) and their business associates, consumer advocates, healthcare professional associations, health information management professionals, health information technology vendors, and government entities.
The American Health Information Management Association (AHIMA) was quick to voice an opinion.
“We are pleased to see the long-awaited release of the Office of Civil Rights’ (OCR) proposed modification to the HIPAA Privacy Rule that aims to empower patients and enhance care coordination,” AHIMA Chief Executive Officer Wylecia Wiggs Harris said in a statement. “In particular, we are pleased the rule proposes strengthening the individual right of access under HIPAA. We are also pleased it seeks to clarify how an individual’s right to direct their protected health information (PHI) to a third party should be treated. In certain instances, this has led to delays in individuals being able to access their medical record.”
“We also look forward to reviewing OCR’s proposal to clarify the scope of covered entities’ ability to disclose PHI to social service agencies or community-based support programs,” Harris added. “As social determinants of health (SDoH) increasingly become a priority for many providers, the sharing of information across clinical and non-clinical settings may include PHI. This makes it critically important to prioritize the privacy, security, and confidentiality of this sensitive information.”
Public comments on the NPRM will be due 60 days after publication in the Federal Register. The NPRM can be downloaded in its entirety from HHS’s website at https://www.hhs.gov/sites/default/files/hhs-ocr-hipaa-nprm.pdf – PDF.*
* People using assistive technology may not be able to fully access information in this file. For assistance, contact the HHS Office for Civil Rights at 800-368-1019, toll-free at 800-537-7697, or by emailing OCRMail@hhs.gov.
The announcement came on the heels of a Centers for Medicare & Medicaid Services (CMS) announcement that they were making the most significant changes to the Physician Self-Referral Law, better known as the “Stark Law,” since its passage in 1990 (HIPAA was signed into law in 1996).
The Stark Law prohibits physicians from making referrals to any entities for certain healthcare services if the physicians have any form of a financial relationship with such entities. But after first outlining concerns last year, federal officials said the industry’s ultimate move toward value over volume meant the law burdened providers with unnecessarily added administrative costs while inhibiting progress in the transition.
CMS noted that the provisions of the Stark Law constituted one of the top concerns voiced by providers when the agency held listening sessions in 2017 as part of its “Patients over Paperwork” initiative.
Last week, President Trump unveiled his administration’s Artificial Intelligence (AI) Action Plan for America, a sweeping, 90‑point policy initiative aimed at securing U.S. dominance in AI
EDITOR’S NOTE: Following last Monday’s Monitor Monday Internet broadcast, the U.S. Department of Health & Human Services (HHS) posted new guidance and an online portal,
Please log in to your account to comment on this article.
Denials continue to delay reimbursement, increase administrative burden, and threaten financial stability across healthcare organizations. This essential webcast tackles the root causes—rising payer scrutiny, fragmented workflows, inconsistent documentation, and underused analytics—and offers proven, data-driven strategies to prevent and overturn denials. Attendees will gain practical tools to strengthen documentation and coding accuracy, engage clinicians effectively, and leverage predictive analytics and AI to identify risks before they impact revenue. Through real-world case examples and actionable guidance, this session empowers coding, CDI, and revenue cycle professionals to shift from reactive appeals to proactive denial prevention and revenue protection.
Sepsis remains one of the most frequently denied and contested diagnoses, creating costly revenue loss and compliance risks. In this webcast, Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, provides practical, real-world strategies to align documentation with coding guidelines, reconcile Sepsis-2 and Sepsis-3 definitions, and apply compliant queries. You’ll learn how to identify and address documentation gaps, strengthen provider engagement, and defend diagnoses against payer scrutiny—equipping you to protect reimbursement, improve SOI/ROM capture, and reduce audit vulnerability in this high-risk area.
Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY26 IPPS, including new ICD-10-CM/PCS codes, CCs/MCCs, and MS-DRGs, plus insights, analysis and answers to your questions from two of the country’s most respected subject matter experts.
This third session in our 2026 IPPS Masterclass will feature a review of FY26 changes to the MS-DRG methodology and new technology add-on payments (NTAPs), presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
Federal auditors are zeroing in on Inpatient Rehabilitation Facility (IRF) and hospital rehab unit services, with OIG and CERT audits leading to millions in penalties—often due to documentation and administrative errors, not quality of care. Join compliance expert Michael Calahan, PA, MBA, to learn the five clinical “pillars” of IRF-PPS admissions, key documentation requirements, and real-life case lessons to help protect your revenue.
During this essential RACmonitor webcast Michael Calahan, PA, MBA Certified Compliance Officer, will clarify the rules, dispel common misconceptions, and equip you with practical strategies to code, document, and bill high-risk split/shared, incident-to & critical care E/M services with confidence. Don’t let audit risks or revenue losses catch your organization off guard — learn exactly what federal auditors are looking for and how to ensure your documentation and reporting stand up to scrutiny.
Learn how to navigate the proposed elimination of the Inpatient-Only list. Gain strategies to assess admission status, avoid denials, protect compliance, and address impacts across Medicare and non-Medicare payors. Essential insights for hospitals.
RACmonitor is proud to welcome back Dr. Ronald Hirsch, one of his most requested webcasts. In this highly anticipated session, Dr. Hirsch will break down the complex Two Midnight Rule Medicare regulations, translating them into clear, actionable guidance. He’ll walk you through the basics of the rule, offer expert interpretation, and apply the rule to real-world clinical scenarios—so you leave with greater clarity, confidence, and the tools to ensure compliance.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
