Navigating the revamped HIPAA omnibus rule will be no minor feat for healthcare organizations, according to several hospital CIOs who spoke recently with the Wall Street Journal.
In particular, the CIOs talked about data segmentation as being among the most challenging aspects of the rule. Scott Joslyn, vice president and CIO at Orange County, Calif.-based MemorialCare Health System, discussed the impact of patients choosing to share only certain pieces of information with clinicians, saying that it could hinder a provider's ability to provide complete medical care for those patients.
Adding on to that point, Cleveland Clinic CIO Martin Harris said that it's not clear who would even be in charge of setting up the application to allow data segmentation. "Many people need to be involved in understanding the nuances" associated with segmentation, he told the Wall Street Journal.
Shortly after the new rule was unveiled in January, several FierceHealthIT Editorial Advisory Board members shared their thoughts on compliance. Among them, Todd Richardson, vice president and CIO of Wausau, Wis.-based non-profit health system Aspirus, Inc., told FierceHealthIT that providers and vendors that use and create electronic health record systems already walk a tight balance between complying with HIPAA and meeting the requirements of the HITECH Act and Meaningful Use regulations.
"On one hand we have 'protect, protect, protect' and on the other hand we have 'share, share, share,' Richardson said. "While the balance is 'protect and share,' the devil is always in the details. The reality is that all of the information is not under the tight control of the covered entity."
Marcy Wilder, director of the global privacy and information management practice for Washington, D.C.-based law firm Hogan Lovells, told FierceHealthIT for a special report on the rule that providers she had spoken with about the rule said they thought the patient data segmentation provision would be "difficult to administer." You've got to track those requests through the system, which means information can't be synced to a health plan," she said.
To learn more:
- here's the Wall Street Journal post