Solutions

Solutions powered by SVG logo for hStream platform.
Learn More.
Frame 586 (1)

Quality Manager formerly known as abaqis®

Mitigate risk and elevate your quality of care. Improving both clinical and business outcomes starts with a smarter, more integrated approach to regulatory training, continuing education and quality management.

Learn More

NEW TO THE STORE

hStream Content Marketplace

Connecting you to the Best Content. Access to 75 Partners and 35,000+ Courses in our Industry-Leading Marketplace. Streamline content purchasing, updates, hosting, and connectivity for your organizational needs

NurseGrid Learn

Online store for Clinical Learners. Individual CE Credit and industry products for Clinical Learners are now available through NurseGrid Learn (Beta). Explore our robust collection of courses that provides an unparalleled level of flexibility and choice.

Practitioner Courses

Meet the DEA's new requirement under the Medication Access and Training Expansion (MATE) Act in an online, high-quality and self-paced 8-hour DEA MATE Act course specifically designed for practitioners, including Physicians, PAs, NPs, Pharmacists, Dentists and others.

LATEST & POPULAR

REPORT

2024 Annual Report on Medical Staff Credentialing
On-Demand Webinar

State of the Industry: What’s Next for Healthcare Quality & Safety in 2024?
BLOG

Summer 2024's Top Choice in Healthcare Credentialing: CredentialStream
BLOG

HealthStream Executive Briefing: CMS Minimum Staffing Standards: What You Need to Know
BLOG

The Impact of Human Connection: The LGBTQ+ Healthcare Community
Webinar

Clinical Placement for the Future of Healthcare: myClinicalExchange Discussion with CommonSpirit Mt Region and UW Health

< HealthStream Resources

blog

24-Q&C-514-Navigation HIPPA Compliance Blog 02. Blog Image-V1-MD (1)

Navigating HIPAA Compliance: Recent and Upcoming Changes in 2024

July 5, 2024
July 5, 2024

As healthcare continues to evolve, so must the regulations that govern it. This year marks a significant transformation for HIPAA compliance, with substantial changes on the horizon that will impact healthcare providers, patients, and the broader healthcare technology industry.

A Decade Since the Last Major Update

The last significant update to the HIPAA Rules came in 2013 with the HIPAA Omnibus Final Rule, which introduced new regulations mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Since then, the healthcare landscape has undergone tremendous changes, necessitating a fresh look at HIPAA regulations to address new challenges and opportunities.

Strengthening Reproductive Healthcare Privacy

In April 2024, a final rule was published to strengthen reproductive healthcare privacy. These changes, effective from June 25, 2024, and enforceable starting January 1, 2025, include:

  • A new definition of "reproductive health care" encompassing terminations, contraception, fertility, and miscarriage care.
  • Enhanced limitations on the use and disclosure of PHI related to reproductive healthcare, which cannot be bypassed by consent or authorization.
  • Mandatory attestations accompanying requests for reproductive healthcare information to ensure it is not used for out-of-state judicial or administrative proceedings.
  • Clarification that facilitating reproductive healthcare does not constitute abuse, neglect, or domestic violence.
  • Patient reassurance through updated Notices of Privacy Practices, with compliance required by February 16, 2026.

The Office for Civil Rights (OCR) has also clarified that any unauthorized disclosure of reproductive health care data will be treated as a notifiable data breach under the HIPAA Privacy Rule.

Expanding Coverage to Health Apps and Technologies

On April 26, 2024, the Federal Trade Commission (FTC) issued a final rule updating the Health Breach Notification Rule. This rule now includes health apps and other technologies not previously covered by HIPAA, such as websites collecting health data but not operated by HIPAA-regulated entities. Key updates include:

  • Expanded definitions to cover more technologies.
  • New requirements for consumer notification content.
  • Mandatory FTC notifications for breaches of 500 or more records within 60 days of discovery.

Upcoming Changes and Patient Rights Enhancements

Looking forward, several more changes are expected in 2024. Following a request for feedback from HIPAA-covered entities in 2018, the OCR proposed new regulations in December 2020 aimed at reducing administrative burdens and enhancing patient rights. Proposed changes include:

  • Allowing patients to inspect and photograph their PHI in person.
  • Reducing the maximum time to provide PHI access from 30 to 15 days.
  • Limiting ePHI transfer requests to the ePHI maintained in an EHR.
  • Enabling PHI transfers to personal health applications.
  • Providing ePHI at no cost in specified circumstances.
  • Requiring covered entities to inform individuals of their right to direct PHI copies to third parties.
  • Mandating online posting of PHI access and disclosure fee schedules.
  • Dropping the requirement for written confirmation of Notices of Privacy Practices.
  • Broadening the definition of healthcare operations to include care coordination and case management.

Challenges for Healthcare Organizations

Implementing these changes will require significant effort from healthcare organizations. Updated HIPAA policies and procedures will need to be communicated to patients and health plan members, and employees will require further training. Training courses will need to be updated, as updated training is to be provided whenever there is a material change to HIPAA policies.

Strengthening Cybersecurity in Healthcare

Since the last major update in 2013, the Security Rule has remained relatively unchanged. However, 2024 will likely bring substantial revisions driven by a new Healthcare Sector Cybersecurity concept paper. This initiative outlines steps to enhance cyber resiliency and patient safety, including:

  1. Establishing voluntary cybersecurity goals.
  2. Providing resources for cybersecurity practice implementation.
  3. Supporting greater enforcement and accountability.
  4. Expanding the HHS one-stop shop for healthcare sector cybersecurity.

Additionally, the finalized HPH Cybersecurity Performance Goals (CPGs) announced in January 2024 outline high-impact practices divided into Essential and Enhanced CPGs, with the goal of mitigating cyber threats effectively.

Compliance Audits and Future Readiness

Under the HITECH Act, OCR is mandated to conduct periodic audits of HIPAA-regulated entities. In 2024, these audits will focus on HIPAA Security Rule compliance, ensuring that healthcare organizations adhere to the latest standards and are prepared for future challenges.

The recent and anticipated changes to HIPAA regulations in 2024 represent a significant shift towards enhanced privacy, security, and patient empowerment. Healthcare organizations need strategies to stay informed and proactive while implementing these changes to maintain compliance and continue providing high-quality care.

Learn about how HealthStream’s ComplyQ can help your organization stay compliant with ever-changing regulations.

Request Demo