How would you change HIPAA data protection rule

By | April 22, 2009, 10:08am PDT

Summary: At first glance the new rules are not that onerous. The proposal notes, for instance, that once personally-identifiable information is stripped from a record it is no longer subject to the law’s provisions, as when records are compiled for purposes of research.

The Department of Health and Human Services is out with new rules for protecting and dealing with the loss of patient data under HIPAA, with comments due May 21 either in writing or online.

The new proposed rules, called a guidance, are required under the HITECH Act, part of the Obama Stimulus.

An FTC rulemaking on the same subject, covering entities not otherwise covered by HIPAA, is also going through its comment period, with those comments due June 1.

Generally, both sets of rules require that patients be notified when their data is put at risk, and describe how encryption or anything else that renders the data unusable can protect covered entities from liability.

HIPAA has been used as an excuse to keep records on paper ever since the act was passed, with the health industry continuing to insist on looser restrictions and privacy advocates urging a tightening.

At first glance the new rules are not that onerous. The proposal notes, for instance, that once personally-identifiable information is stripped from a record it is no longer subject to the law’s provisions, as when records are compiled for purposes of research.

Still, the idea that you must maintain control of records and notify consumers of any loss of data remains a fear for all health providers. Will this proposal alleviate those concerns?

Disclosure

Dana Blankenhorn

Dana Blankenhorn has been a journalist, writer and part-time futurist for over 30 years. At the present moment I run only a personal blog in addition to my ZDNet open source blog. DanaBlankenhorn.Com has the subtitle The War Against Oil. In the past I have used it to write about political history, e-commerce, personal matters, some ideas related to open source, and The World of Always On, which is the idea of using sensors, motes and RFID to turn WiFi links into platforms for applications which live in the air. My IRA account at Schwab holds a few tech shares, most notably some Intel and Applied Materials, but there are no open source companies in it. I don’t even own any CBS stock.

Biography

Dana Blankenhorn

Dana Blankenhorn has been a business journalist since 1978, and has covered technology since 1982. He launched the Interactive Age Daily, the first daily coverage of the Internet to launch with a magazine, in September 1994.
5 Comments
Works for me
Yagotta B. Kidding 22nd Apr 2009
HIPAA has been used as an excuse to keep records on paper ever since the act was passed, with the health industry continuing to insist on looser restrictions and privacy advocates urging a tightening.

So what's the problem?

It would appear that once you factor in the cost of confidentiality, EMRs aren't as cost-effective as they're cracked up to be. So, of course, people selling them have a simple solution: get rid of patient confidentiality.

Problem solved.
0 Votes
HIPAA
no_zd_user_name Updated - 22nd Apr 2009
Funny part is that, at least when I worked in Health Care IT, the HIPAA put great stricture on access to patient data, nothing was encrypted in the Informix database, and all electronic claims transmissions, remittance advice files, service authorizations and eligibility requests were transmitted over dial-up externally in ASCII clear text flat files with no encryption and plenty of personally identifiable information.

So, these kinds of transmissions are going on all day long throughout the Health Care industry--who is policing the data that left the Hospital destined for intermediary clearing houses and destination payors???

And as far as I recall, HIPAA didn't cover transmission of Patient Data over Facsimile devices.

From my vantage point, HIPAA is more of an encumbrance at tremendous cost to the quality of Health Care.

HIPAA is 'complaint-based' meaning no audits by Federal are undertaken unless driven by a Patient complaint. So, it was up to an individual Hospital to rein in compliance and each had their own interpretation of HIPAA for their setting in terms of what was considered 'addressable' with room for 'mis'interpretation.

I can't imagine it getting any more complicated than it has already become but here we are.

What do you suppose, Dana, is going to happen when President Obama tries to get everyone on the same page for Universal Health Care??? It will take a miracle to have it happen. But I do believe in miracles. wink

I don't miss any of that insanity.

BTW, God Bless America and God Bless President Obama!!

Peace Dana.
0 Votes
HIPAA should have had regular audits
Lerianis 22nd Apr 2009
As part of its interpretation of the responsibilities of health practitioners. It's just STUPID to rely on 'complaint-based' when most people wouldn't realize "Hey, my information has been broadcast!" until way after it was too late.

Better yet: don't require a Social Security number in medical records. Give everyone a randomly assigned number that has NOTHING TO DO with their social security numbers to alleviate that concern.
0 Votes
Good points
DanaBlankenhorn 22nd Apr 2009
I think the first point is addressed in these proposals, which give companies an affirmative duty to confirm security breaches. The second is also a good point. Index points are important.
0 Votes