Why HIPAA needs an update


While technology and innovation in healthcare have undergone a rapid evolution, the Privacy and Security Rules within the Health Insurance Portability and Accountability Act have remained stagnant, say registered nurse Karen Colorafi and attorney Bryan Bailey.

To that end, Colorafi, an assistant professor at the College of Nursing at Washington State University, and Bailey, of Phoenix-based firm Milligan Lawless, believe the rules should be updated to keep up with “unimaginable” advancements over the last 20 years.



“The Security Rule was created with unusual foresight as a set of flexible requirements that could change and adapt with innovation,” the authors say in a viewpoint published in JMIR Medical Informatics. “Yet every week, the headlines online and in the papers discuss significant HIPAA infractions. ... We listen to stories from our friends and patients about the battles they have mounted to gain access to their own healthcare data.”

Colorafi and Bailey offer recommendations based on one scenario: the electronic health record system demonstration. While demonstrations often are deemed helpful for training fellow providers, they also must be approached carefully, the authors say.

“It is important to remember that innovation does not simply happen once,” Colorafi and Bailey say. “A learning organization will revisit their policies and procedures related to the protection of data at least annually, or when a change in infrastructure demands. [W]e ought to consider that an Act that was innovative in 1996 may no longer solve the problems it was created to address, partly because the nature of the problem has changed.”

Earlier this year, lawmakers chastised the Department of Health and Human Services for what they called “sluggish” and “disappointing” progress on promised updated technical compliance guidance for HIPAA. In particular, the legislators were concerned about a continued lack of clarity about how HIPAA applies in a mobile environment, saying such murkiness prevented consumers from benefiting from connected health technologies.

Still, many in the industry already don’t take proper steps to ensure HIPAA compliance, meaning HHS officials must address similar issues year after year.
