While the newly unveiled HIPAA omnibus rule, announced Thursday afternoon by the U.S. Department of Health & Human Services represents a win for patient privacy protection, executing the new rules will present a multitude of challenges, according to several FierceHealthIT Editorial Advisory Board members.
Todd Richardson (right), vice president and CIO of Wausau, Wis.-based non-profit health system Aspirus, Inc., told FierceHealthIT that providers and vendors that use and create electronic health record systems already walk a tight balance between complying with HIPAA and meeting the requirements of the HITECH Act and Meaningful Use regulations.
"On one hand we have 'protect, protect, protect' and on the other hand we have 'share, share, share," Richardson said. "While the balance is 'protect and share,' the devil is always in the details. The reality is that all of the information is not under the tight control of the covered entity."
Richardson added that while all healthcare professionals understand the responsibility to protect patient information, as more systems come online with information, inevitably, there will be more opportunity for data breaches.
"I find a little bit of irony in the reality of today's new paradigm, where we have so many people posting so much personal information on Facebook and tweeting about their every move and their latest lab result, yet the government is pushing privacy requirements further," Richardson said.
Donna Staton (left), CIO at Warrenton, Va.-based Fauquier Health, said that she's happy to see increased scrutiny for business partners and contractors as an extension of the compliance, but wonders what implications the rule might have for health information exchanges and population health management as more data is aggregated to improve outcomes.
"This may require a lot of payers and vendors to rethink their positions under reform, where there is already a lot of momentum," Staton told FierceHealthIT. "Patients will definitely see this as an improvement, though, giving them increased control, which supports the goal of improved patient engagement under reform."
Joseph Kvedar (right), director of Partners HealthCare's Center for Connected Health in Boston, referred to the new rule as a political and regulatory response to the privacy crowd. "Privacy is important," he said. "However, the more privacy we have, the less data liquidity--and that could be a challenge."
David Holland (left), vice president and CIO at Carbondale, Ill.-based Southern Illinois Healthcare, meanwhile, also acknowledged that the new guidelines will be challenging, but said he thinks they will enhance providers' ability to maintain patient trust.
"Patients come to us at the most vulnerable time of their lives. They are sick, they are in pain, they are dying," Holland said. "Trust is critical to the work we do, and patient information is critical to the delivery of healthcare. Patient's give their information to us so that we can help them. If we lose that trust, how can we deliver healthcare to them effectively?"