February 12, 2019
Roger Severino, JD
Director Office for Civil Rights
Department of Health and Human Services
200 Independence Avenue, SW
Washington, DC 20201
RE: Request for Information on Modifying HIPAA Rules To Improve Coordinated Care
Dear Director Severino:
The Medical Group Management Association (MGMA) is pleased to submit the following comments in response to the request for information entitled, “Request for Information on Modifying HIPAA Rules To Improve Coordinated Care,” published on Dec. 14, 2018. We believe modification of the current HIPAA requirements have the potential of significantly improving the ability of physician practices to facilitate efficient care coordination and promote the transformation to value-based healthcare. At the same time, we caution the Office for Civil Rights (OCR) not to proceed with initiatives that create additional administrative burden on practices with little or no benefit to the patient.
MGMA is the premier association for professionals who lead medical practices. Since 1926, through data, people, insights, and advocacy, MGMA empowers medical group practices to innovate and create meaningful change in healthcare. With a membership of more than 45,000 medical practice administrators, executives, and leaders, MGMA represents more than 12,500 organizations of all sizes, types, structures and specialties that deliver almost half of the healthcare in the United States.
An increasing number of physician practices are acquiring certified health IT and leveraging technology to improve care coordination for their patients and to participate in value-based care arrangements. The deployment of effective federal policies that assist practices in those endeavors is critical if practices are to take full advantage of their EHRs and patients are to reap the benefits of streamlined sharing of clinical data. The HIPAA Privacy and Security Rules laid out a framework to ensure that protected health information (PHI) would be kept confidential and secure. These rules, however, were finalized (HIPAA Privacy 2003, HIPAA Security 2005) prior to the widespread use of EHRs in physician practices and prior to the advancement of value-based care arrangements. Certain provisions of these rules now can act as impediments to the efficient communication of PHI.