HIPAA privacy rules not enough, IOM says

The current version of HIPAA privacy rules don't do enough to protect privacy, and at the same time hamper health research, concludes a new Institute of Medicine report.

The report suggests that privacy protection in research should be governed by something other than HIPAA privacy rules. This new approach would exempt health research from HIPAA, and instead create new privacy, data security and accountability standards for all health research, regardless of who pays for or conducts the research.

Meanwhile, if HIPAA continues to apply to health data used by researchers, IOM suggests that HHS clarify guidelines for such usage. Right now, the rules are being interpreted in widely varying ways, the IOM says.

To learn more about the report:
- read this Modern Healthcare article (reg. req.)

Related Articles:
Providers, states still struggle with HIPAA
Over-applying and misapplying HIPAA is common