HIPAA May Be Getting an Update



The Health Data Use and Privacy Commission Act was introduced recently by US Senators Tammy Baldwin and Bill Cassidy. Their intent is to bring health data privacy laws into the modern age to meet the demands of a changing technology landscape. 

In previous articles, we’ve discussed some possible changes to HIPAA that may occur in 2022. Now we see a new step in the direction of updating this law. 

New Technology Necessitates Change

The Health Insurance Portability and Accountability Act was passed over 25 years ago. Many argue today that the law falls short of the privacy protections that new and emerging technologies now require. These two Senators have decided that HIPAA needs an update to continue to ensure patient data is being protected. 

Providers have seen a world of new opportunities open up with the rise of telehealth, especially due to the pandemic, but every new device or system brings with it new threats and security issues. Baldwin and Cassidy have attempted to set America on the path to preventing these threats through their new Act. 

What Would This Look Like?

If the Act is passed, a group of people appointed by the Comptroller General will form a Commission to go over the current HIPAA requirements and evaluate their effectiveness in protecting health data. After six months, they will report back to Congress their suggestions for updating the law. If any of these suggestions create added burdens or costs, that will be included in the report as well. 

Specifically, the Commission will be taking a look at:

  • Threats to the privacy of Protected Health Information (PHI)
  • Appropriate reasons to share PHI to benefit patients
  • The effectiveness of the current state of privacy
  • Specific suggestions to adapt and improve regulations
  • Etc. (see the full list here)

The Commission’s focus won’t only be on changing legislation. They’ll also take a look at non-legislative ways to better equip providers to improve patient privacy. These may include new “education, market-based measures, industry best practices, and new technologies.” This advice may prove to be invaluable as organizations battle against ever-evolving cyber threats. 

The idea for this new Commission was well received. “Industry leaders, including athenahealth, American College of Cardiology, IBM, Epic Systems, Federation of American Hospitals, Association of Clinical Research Organizations, and others, voiced their support for the legislation in a letter to Senators Cassidy and Baldwin.” They stressed the importance of privacy in today’s new digital environment, particularly in the healthcare industry.

As providers and business associates seek out more help and clarification around HIPAA privacy requirements, the regulations continue to evolve in the hopes of keeping patients and healthcare organizations safe.


As part of the Medcurity community, we’ll keep you updated on the changes to HIPAA law that directly affect your organization. Feel free to reach out to us with questions at any time.