Staying Compliant as HIPAA Changes: A System for Success

It seems like just when you finally feel on top of your HIPAA compliance, you hear about a change to HIPAA coming soon. And, with the implementation of Information Blocking in 2021, the Healthcare Cyber Security Act in 2022, and Proposed Modifications to the HIPAA Privacy Rule coming in 2023, it’s feeling harder than ever to keep up with changing regulations in healthcare.

While modifications and updates to regulations are always going to be a part of HIPAA compliance, it doesn’t have to be a huge headache every time something shifts. With the right planning, preparation, communication, and training strategy, you can achieve compliance despite a changing regulatory landscape.

Today, we’re sharing our system for success—so you can stay up-to-date and in compliance, even as HIPAA changes.

Why HIPAA Changes

HIPAA changes are inevitable as the world—and especially the storage and sharing of Protected Health Information (PHI) changes.

The adoption of telehealth, the use of smartphones in clinical settings, and the digital transmission of ePHI all impact regulations. As technology changes and Healthcare is the number one industry targeted by cyberattacks, regulations must adapt to protect patient data from new and growing threats.

Additionally, the Office for Civil Rights (OCR) works to clarify and expand patient rights and PHI protections on an ongoing basis. The Proposed Modifications to the HIPAA Privacy Rule are designed to strengthen individuals’ rights to access their own health information.

This also may include updated regulations to clarify who can access PHI in specific situations. For instance, the coming changes to the HIPAA Privacy Rule also facilitate family and caregiver involvement in care during emergencies, and enhance flexibility for disclosures in emergency situations.

HIPAA Changes in 2022 and 2023

The proposed changes to HIPAA and other healthcare privacy and security regulations slated for 2022 and 2023 can seem overwhelming. We are seeing numerous proposed bills, Requests for Information (RFIs) and proposed modifications that will impact compliance for Covered Entities.

In this changing regulatory environment, some of the updates to watch for include:

• Study of Health Data Use and Privacy Protection, introduced to the Senate in February 2022.
• Healthcare Cyber Security Act of 2022, introduced to the senate in March 2022.
• Cyber Incident Reporting for Critical Infrastructure Act, signed March 15, 2022.
• Office for Civil Rights RFI, with updates to the HIPAA Security Rule anticipated in late 2022.
• American Data Privacy and Protection Act, introduced to the House of Representatives June 21, 2022
• Proposed changes to the HIPAA Privacy Rule, anticipated in Q1 of 2023.

There are many changes to keep track of in healthcare privacy and security right now, but they will ultimately strengthen HIPAA to keep PHI secure, and some may even ease processes for your organization.

You can stay up-to-date using the U.S. Department of Health and Human Services website, and by following HIPAAtrek on LinkedIn.

How to Stay Compliant as Regulations Change

While the sheer number of changes to HIPAA and similar regulations can be overwhelming, you can respond to each of them using a similar system for success.

We recommend a 3-step system, beginning with a foundation of risk analysis, building buy-in among key leaders, and finally, creating a training plan to implement new regulations in the day-to-day of your organization.

Step 1: Conduct a Risk Analysis

Risk analysis is the foundation of a strong compliance program—after all, you can’t know where you’re going without knowing where you are. And, if you are already noncompliant before a regulation changes, you will have a lot of catching up to do.

Once HIPAA law is updated, your organization has 180 days to achieve compliance—not a lot of time if sweeping changes are involved.

That’s why a proactive risk analysis is critical to navigating changes in HIPAA compliance. By conducting a risk analysis and identifying gaps in your existing compliance program, you can identify steps to start from a strong foundation of compliance once changes go into effect.

Additionally, your risk analysis should identify gaps between your existing program and proposed rule modifications. By identifying next steps proactively, you will start out ahead when regulations ultimately change.

Your gap analysis should include:

• A thorough review of policies to ensure compliance with the existing HIPAA regulations,
• An assessment of the training on, and execution of, compliance among your team members, and,
• An implementation plan ready-to-go when HIPAA changes go into effect.

At HIPAAtrek, we offer a Privacy Gap Assessment that does exactly that, assessing your Privacy Program, identifying gaps, and providing a roadmap to compliance under the new regulations in 2023. Click here to learn more.

Step 2: Communicate with Leadership

The second step to proactively maintaining compliance is communication with organizational leadership. The C-Suite and other leaders often lack an understanding of the complex changes to HIPAA that the compliance department manages.

By taking a proactive approach to sharing with leadership, you can help them understand the changes that will impact them. It can also be valuable to explain in advance the need for investments in risk analysis, training, and compliance software to support transitions.

When speaking with leadership, reinforce the idea of compliance protecting the organization from undue risk—especially when regulations are updated. By proactively maintaining HIPAA compliance, the compliance department protects the revenue of every other department in the organization.

Step 3: Create a Plan to Train Your Team

Sweeping changes to HIPAA will require more than just superficial updates to policies—you must train your team in order to create compliance in practice.

Once you have conducted your risk analysis and spoken with leadership, it is time to make a plan for training your team on new policies and practices.

When you’re developing training on new regulations, consider:

• Communicating HIPAA changes in multiple ways—emails, posters, checklists, and videos reinforce the importance of these updates,
• Using a combination of text, photos, videos, and quizzes to keep it interactive—and employees listening, and
• Focusing training around real-life situations and role playing so employees see how these updates impact their day-to-day.

That last point is critical—your team needs to know how changes to HIPAA will impact their daily tasks, so they don’t fall back into old (non-compliant) habits. Training is your opportunity to create compliance in action through the work of each member of the team—so clarity is key.

If all of this sounds a bit overwhelming—it doesn’t have to be! We made a Changing Regulations Cheat Sheet to help you remember these steps to success. Click here to download it now:

HIPAA Compliance Software Supports Regulatory Transitions

The other foundational step you can take to support your compliance through HIPAA changes is to invest in HIPAA compliance software like HIPAAtrek. At HIPAAtrek, we are focused on supporting our clients through changing regulations, so they can relax and remain confident in their compliance.

If you use HIPAAtrek, you can implement changes to policies and training using our up-to-date HIPAA policy templates and training videos, built right into the platform. You can even assign follow-up quizzes to your team and track results.

Working from your proactive risk analysis, you can tag policies, contracts, and forms that will require updates, so you are prepared when regulations are finalized. Plus, automatic version tracking in HIPAAtrek’s software creates an auditable trail of compliance, and shows your timeline of implementing updates, so you can prove compliance to your board or the OCR.

But perhaps the best part of working with HIPAAtrek is that you don’t have to face HIPAA changes alone. We host ongoing conversations with our compliance community, to cover critical updates and keep you informed. Our in-house HIPAA compliance experts read those long regulations and modifications—so you don’t have to.

Ready to find compliance confidence? Click here to learn more about HIPAAtrek.

Maintaining Compliance as HIPAA Changes

Compliance is dynamic, complicated, and subject to change. If you rest on your laurels or assume changes don’t matter to you, you could be exposing your organization to new and unnecessary risks.

While every regulatory change has its own nuances, a system for success can help you prepare for any HIPAA changes the OCR throws your way. Build on a foundation of risk analysis, create open communication with key players, and focus on training your team effectively.

And, don’t forget, we have a free Changing Regulations Cheat Sheet to help you stay on top of changes to HIPAA and other privacy and security regulations. Click here to download it now: