
Health Data Outside HIPAA: Simply Extending HIPAA Would Be a #FAIL

Some have called on policymakers to extend HIPAA to cover mHealth apps and other online platforms.

In the latest post in our series — “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” — Deven McGraw and I argue that extending HIPAA is not a viable solution.

In summary:

  • HIPAA’s rules were not designed to address privacy risks introduced by widespread personal information collection and use in the modern digital ecosystem.
  • HIPAA’s rules were designed to support information flows within the health care system and allow for broad uses and disclosures of data by both covered entities and business associates without the need to obtain patient consent.
  • HIPAA is “leaky” — it expressly allows covered entities and business associates to share data outside of HIPAA, including selling de-identified data, without patient consent.
  • HIPAA’s rules protect data and also protect incumbents’ interests in controlling health data.
  • Ultimately Congressional action is needed to establish meaningful privacy protections for personal data.

Read the full article in The Health Care Blog.

FYI, here is a listing of all the posts in the Health Data Goldilocks series to date. It includes some great articles from guest-author industry luminaries:


This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License. Feel free to republish this post with attribution.