HIPAA-Altering Cures Bill Passed by House of Representatives

The controversial 21st Century Cures Bill was unanimously passed by the House Energy and Commerce Committee in May, and on Friday July 10, 2015, the U.S House of Representatives passed the Bill with a count of 344 to 77.

21st Century Cures Bill to Remove Obstacles in the Way of Medical Research

Medical research and innovation is being hampered by HIPAA, according to proponents of the 21st Century Cures Bill. The new Act aims to remove these and other barriers, to help advance America’s search for new ways to tackle the advance of superbugs, antibiotic-resistant bacteria and the deadly viruses now threatening the health of U.S citizens.

The Cures Bill has received some criticism in its short history. Privacy advocates object to the wide range of data that can potentially be shared; information currently under the protection of HIPAA. It is feared that the bill could weaken HIPAA protections if it becomes law. If that happens, HIPAA Rules would certainly need to be changed.

HIPAA Changes Necessary as a Result of the Cures Bill

At present, the HIPAA Privacy Rule restricts the use and disclosure of Protected Health Information (PHI) to matters relating to the provision of medical services, payment for those services and other essential healthcare operations.

Information can be disclosed to a third party, for the purposes of marketing for example, but only if prior written consent has been obtained from the patient. The same rules apply to the sharing of information for medical research. Information can be shared, but only with consent, unless the data supplied has been first been de-identified.

Numerous changes are called in the 309-page Cures Bill, although one of the major Privacy Rule altering provisions is to allow the sharing of PHI for medical research purposes. If passed, the Cures Bill would allow HIPAA-covered entities to share healthcare data without first having to obtain content from the patient.

Cures Bill Still Receiving Criticism from Privacy Advocates

Deborah Peel M.D, founder of the advocacy group Patient Privacy Rights, has been critical of the bill due to the additional privacy and security risks that will be introduced if data is shared with multiple individuals and organizations.

She recently told Security Media Group, “Researchers, and all those that take our data, magnify the risks of data breach, data theft, data sale and harm,” she went on to say. “Researchers are simply more weak links in the U.S. healthcare system which already has 100s of millions of weak links.”

Improved PHI Access Rights for Patients

The HIPAA Privacy Rule introduced a number of provisions to protect the privacy of patients, while also ensuring they could access their medical records, if they so required. The Cures Bill takes this a step further, and will permit patients to obtain copies of their entire health record; including physician notes and other “unstructured data”. Essentially, a patient will be able to obtain their entire medical history, on request.

Planned Penalties for EHR Vendors

The move from paper files to electronic health records has been challenging, and to make matters worse, healthcare providers are struggling with EHRs that exhibit poor interoperability. The Cures Bill aims to remove obstacles preventing the development of a fast, efficient, and above all else, secure electronic health information exchange. EHRs are critical, and the Cures Bill is targeting EHR vendors’ software. Any vendor discovered to be selling software that falls short of the required interoperability standards will be penalized. The HHS will be given the authorization to issue interoperability-related fines.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.