Kirk Nahra explains in this Bloomberg Law article why 2021 could be a watershed year in terms of HIPAA privacy and security requirements. 

Excerpt: Health-care privacy is at a crossroads. For almost 20 years, the health-care industry has addressed the requirements of the HIPAA Privacy and Security Rules, building reasonable and appropriate compliance programs from an uncertain and awkward beginning.

The stability has been important, and the important choices made in the HIPAA rules to both protect individual privacy and allow the health-care system to work effectively generally have been a positive for consumers and the industry. But there always have been gaps in HIPAA’s scope, and they are becoming more significant.

New laws are imposing inconsistent obligations across different segments of the industry, and new elements of thinking about what “health care” is that are threatening the current structure. Next year may be a watershed year, with both health-care privacy as an independent variable, and potentially in connection with a national privacy law. Here’s what to watch for in 2021.