HIPAA Privacy Rule Proposed Change
HHS released proposed changes to the HIPAA Privacy Rule with the goal of strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; and enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the Opioid and COVID-19 public health emergency.
Comments are due Thursday, May 6, 2021. APA developed a template letter for District Branches to submit comments. Download APA's template letter here (.docx). The template letter responds to the following proposed changes:
- Requiring the sharing of protected health information (PHI and electronic protected health information or ePHI) at the point of care.
- The proposal would amend the Privacy Rule to replace the "serious and imminent threat" standard with a "serious and reasonably foreseeable threat" standard. This is defined to mean "that an ordinary person could conclude that a threat to health or safety exists and that harm to health or safety is reasonably likely to occur if a use or disclosure is not made, based on facts and circumstances known at the time of the disclosure." It also modifies the standard for certain permitted disclosures from one based on a covered entity's "professional judgment," to one based on its "good faith" belief that a disclosure would be in the best interest of the individual.
- The proposal notes, some covered health care providers, such as licensed mental and behavioral health professionals, have specialized training, expertise, or experience in assessing an individual's risk to health or safety (e.g., through a violence or suicide risk assessment) and, therefore, the standard includes an express presumption that such a health care provider has met the reasonably foreseeable standard when it makes a disclosure related to facts and circumstances about which the health care provider (or a member of the team) has specialized training, expertise, or experience.
HIPAA Guides For APA Members
If you are an APA member, you can access two comprehensive HIPAA guides.
APA's HIPAA Privacy Rule Manual: A Guide for Your Psychiatric Practice
HIPAA Privacy Rule Manual is avialable in pdf and word documents:
HIPAA Privacy Rule Manual, includes:
- step by step instructions
- fillable PDF forms
- frequently asked questions (FAQs)
- thorough explanation of the regulations
- useful cross references to other APA privacy resources and guidelines
- Notice of Privacy Practices template
- Receipt of Notice of Privacy Practices Written Acknowledgment form template
- Workforce Confidentiality Agreement template
- Business Associate Agreement template
- Determine Whether Your Practice Uses and Discloses PHI for Research Purposes checklist
APA HIPAA Security Rule Manual
Also available to APA members is a How to Guide on Using the Security Rule Manual
APA HIPAA compliance manuals are a membership benefit. They are copyrighted documents. APA members may use them in their private practice without first seeking written permission from APA. Redistribution, resale or reproduction is expressly prohibited without prior written consent.
APA Resource Documents
- Psychotherapy Notes Provision of the HIPAA Privacy Rule
- Documentation of Psychotherapy by Psychiatrists
- Resource Document: Minimum Necessary Guidelines for Third-Party Payers for Psychiatric Treatment
Resources on Privacy and Psychiatric Disorders
- APA responds to HIPAA Request for Information
- Message from Secretary of HHS on Permissibility of HIPAA Mental Health Disclosures, Sent in Response to Newtown and Aurora Tragedies
- HHS Office of Civil Rights frequently asked questions on HIPAA and sharing information related to mental health, including communication with a patient's family members
- American Medical Association HIPAA Toolkit
- HHS Office for Civil Rights (OCR)
Important disclaimer regarding HIPAA and the laws of your state
Many state privacy laws will continue to apply following the compliance date of the HIPAA privacy regulations. You are advised to consult with your state medical society, local chapter of specialty society, legal counsel or advisors familiar with your state’s laws to determine which state laws and regulations will impact:
- the operation of your practice, and
- the contents of any form, template document or agreement contained on this page
This page or any materials hosted within are not intended as, and do not constitute, legal or other professional advice.