Why HIPAA needs an update

While technology and innovation in healthcare have undergone a rapid evolution, the Privacy and Security Rules within the Health Insurance Portability and Accountability Act have remained stagnant, say registered nurse Karen Colorafi and attorney Bryan Bailey.

To that end, Colorafi, an assistant professor at the College of Nursing at Washington State University, and Bailey, of Phoenix-based firm Milligan Lawless, believe the rules should be updated to keep up with “unimaginable” advancements over the last 20 years.


“The Security Rule was created with unusual foresight as a set of flexible requirements that could change and adapt with innovation,” the authors say in a viewpoint published in JMIR Medical Informatics. “Yet every week, the headlines online and in the papers discuss significant HIPAA infractions. ... We listen to stories from our friends and patients about the battles they have mounted to gain access to their own healthcare data.”

Colorafi and Bailey offer recommendations based on one scenario: the electronic health record system demonstration. While demonstrations often are deemed helpful for training fellow providers, they also must be approached carefully, the authors say.

“It is important to remember that innovation does not simply happen once,” Colorafi and Bailey say. “A learning organization will revisit their policies and procedures related to the protection of data at least annually, or when a change in infrastructure demands. [W]e ought to consider that an Act that was innovative in 1996 may no longer solve the problems it was created to address, partly because the nature of the problem has changed.”

Earlier this year, lawmakers chastised the Department of Health and Human Services for what they called “sluggish” and “disappointing” progress on promised updated technical compliance guidance for HIPAA. In particular, the legislators were concerned about a continued lack of clarity about how HIPAA applies in a mobile environment, saying such murkiness prevented consumers from benefiting from connected health technologies.

Still, many in the industry already don’t take proper steps to ensure HIPAA compliance, meaning HHS officials must address similar issues year after year.
