Why HIPAA needs an update

HIPAA document

Photo credit: Getty/designer491

While technology and innovation in healthcare has undergone a rapid evolution, the Privacy and Security Rules within the Health Insurance Portability and Accountability Act have remained stagnant, say registered nurse Karen Colorafi and attorney Bryan Bailey.

To that end, Colorafi, an assistant professor at the College of Nursing at Washington State University, and Bailey, of Phoenix-based firm Milligan Lawless, believe the rules should be updated to keep up with “unimaginable” advancements over the last 20 years.

Whitepaper

Key Realities Pushing Healthcare Into a Digital Future

Paper forms, contracts, and documents are the quicksand that bogs down both patient care and provider business. However, that does not have to be the case. Download this whitepaper to learn the three key realities that are pushing healthcare past paper-based processes and into a digital, more streamlined future.

“The Security Rule was created with unusual foresight as a set of flexible requirements that could change and adapt with innovation,” the authors say in a viewpoint published in JMIR Medical Informatics. “Yet every week, the headlines online and in the papers discuss significant HIPAA infractions. ... We listen to stories from our friends and patients about the battles they have mounted to gain access to their own healthcare data.”

Colorafi and Bailey offer recommendations based on one scenario: the electronic health record system demonstration. While demonstrations often are deemed helpful for training fellow providers, they also must be approached carefully, the authors say.

“It is important to remember that innovation does not simply happen once,” Colorafi and Bailey say. “A learning organization will revisit their policies and procedures related to the protection of data at least annually, or when a change in infrastructure demands. [W]e ought to consider that an Act that was innovative in 1996 may no longer solve the problems it was created to address, partly because the nature of the problem has changed.”

Earlier this year, lawmakers chastised the Department of Health and Human Services for what they called “sluggish” and “disappointing” progress on promised updated technical compliance guidance for HIPAA. In particular, the legislators were concerned about a continued lack of clarity about how HIPAA applies in a mobile environment, saying such murkiness prevented consumers from benefiting from connected health technologies.

Still, many in the industry already don’t take proper steps to ensure HIPAA compliance, meaning HHS officials must address similar issues year after year.

Suggested Articles

CMS will finalize a new methodology for its hospital star ratings in 2021, but will "refresh" the ratings on Hospital Compare in early 2020.

The CEOs of several U.S. insurers have joined 181 CEOs at U.S. corporations in a pledge to “redefine” their purpose to better serve all Americans.

While billing is primarily believed to be a provider-payment issue, a new survey finds that complications are spilling over and affecting payers.