HIPAA burdensome to big data healthcare efforts, BPC says

The Health Insurance Portability and Accountability Act is "misunderstood, misapplied and over-applied" to the point of being burdensome to the sharing of patient information for improved care, according to a report published this week by the Bipartisan Policy Center.

The report--based on a policy forum held last June that focused on the potential of big data in healthcare--says that while HIPAA specifies how data should be de-identified, too much variability exists in the execution of anonymization.

"Seeking consent from patients to use their data for clinical trials or observational research can help mitigate concerns about privacy, but there is evidence that using 'opt-in' or 'opt-out' patient data results in bias," the report's authors write. "Trust plays a critical role in the use of big data and data governance is needed."

At a Dec. 3 event in which the report was unveiled, Esther Dyson, chairwoman of the Health Initiative Coordinating Council, supported and echoed the BPC's sentiments.

"The problem with HIPAA is [that] it was applied much to broadly, and to be candid, it was often used as an excuse not to move data around," Dyson said, according to an article in FCW.

To ensure privacy and security while also supporting the continued push for the use of big data in healthcare, the report's authors stress that more clarity is needed on both a state and federal level of current privacy legislation.

"Supporting best practices and common policies within collaborative big data efforts will help build trust and improve the likelihood of success," the authors say. "In addition, the development of policies and technical methods to enable individuals to electronically access information in their health records should continue and accelerate."

As FierceHealthIT reported this week, two new guides are in the works to help organizations with HIPAA compliance. One is a free security risk assessment tool for small providers. A risk assessment is required under the HIPAA Security Rule and Stage 2 of Meaningful Use calls for an analysis that, among other things, addresses the use of encryption for stored patient information. The Civil Rights office and the Centers for Medicare and Medicaid Services also are developing a video focused on privacy and security issues tied to Meaningful Use.

To learn more:
- read the BPC report (.pdf)
- here's the FCW article