
A Closer Look at the May 12, 2023 Updates

A significant shift occurred in the regulatory landscape for healthcare providers and related entities on May 12, 2023, when the Office for Civil Rights (OCR) implemented considerable changes to the Health Insurance Portability and Accountability Act (HIPAA) regulations. This article will explore these changes in detail, outlining their implications for healthcare providers, health plans, healthcare clearinghouses, and business associates.

Changes to the HIPAA Regulations

Primarily, the new rules aim to strengthen the privacy and security of protected health information (PHI), enhance patient rights, and promote better information sharing in the healthcare sector.

Patient Access and Rights

One of the key changes in the updated HIPAA regulations involves the strengthening of patient rights to access their health information. Under the new rules, healthcare entities are now required to respond to patient access requests within 15 days, reduced from the previous 30-day period. This accelerates the information provision process, empowering patients to take charge of their health more efficiently.

Enhanced PHI Security

The 2023 HIPAA regulation update also includes more stringent requirements for PHI security. A notable change is the expansion of the Security Rule to cover all forms of PHI, including oral and written communications. This means that healthcare entities now need to implement stronger safeguards not only for electronic PHI but also for health information in other formats.

Changes to the Breach Notification Rule

The Breach Notification Rule has also been updated to encourage quicker response times. In the event of a breach, entities must now notify affected individuals within 30 days instead of the previous 60-day window. This change is intended to ensure that individuals can act promptly in response to any potential risk stemming from the breach.

Emphasis on Information Sharing

Under the revised regulations, the OCR has made a clear push towards improving information sharing, especially during public health emergencies, such as a pandemic. It has eased the application of penalties for violations of the Privacy Rule related to good faith uses and disclosures of PHI for public health and health oversight activities.


The recent changes to the HIPAA regulations signal a move towards patient empowerment, strengthened PHI security, and improved information sharing in the healthcare sector. While these changes pose certain challenges for healthcare entities in terms of compliance, they also open up opportunities for enhancing patient care and trust.

Healthcare providers, health plans, healthcare clearinghouses, and business associates need to review their current policies and processes, and update them as necessary to comply with these new rules. Appropriate staff training and a proactive approach to HIPAA compliance will be key in navigating these regulatory changes.

Remember, the benefits of being compliant outweigh the risks and potential penalties associated with non-compliance. With a good understanding of the new HIPAA regulations, healthcare entities can better protect patient information, build patient trust, and promote a healthier society.

Written by Eric Gaffin
