Health Data Outside HIPAA: Simply Extending HIPAA Would Be a #FAIL
Some have called on policymakers to extend HIPAA to cover mHealth apps and other online platforms.
In the latest post in our series — “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” — Deven McGraw and I argue that extending HIPAA is not a viable solution.
In summary:
- HIPAA’s rules were not designed to address privacy risks introduced by widespread personal information collection and use in the modern digital ecosystem.
- HIPAA’s rules were designed to support information flows within the health care system and allow for broad uses and disclosures of data by both covered entities and business associates without the need to obtain patient consent.
- HIPAA is “leaky” — it expressly allows covered entities and business associates to share data outside of HIPAA, including selling de-identified data, without patient consent.
- HIPAA’s rules protect data and also protect incumbents’ interests in controlling health data.
- Ultimately Congressional action is needed to establish meaningful privacy protections for personal data.
Read the full article in The Health Care Blog.
FYI, here’s a listing of all the posts in the Health Data Goldilocks series to date, including some great articles from guest-author industry luminaries:
- For Your Radar — Huge Implications for Healthcare in Pending Privacy Legislation; By Vince Kuraitis and Deven McGraw, February 19, 2019
- Announcing a New Series; By Zoya Khan, July 22, 2019
- Pending Federal Privacy Legislation: A Status Update; By Deven McGraw and Vince Kuraitis, July 23, 2019
- Health Data Outside HIPAA: The Wild West of Unprotected Personal Data; By Vince Kuraitis and Deven McGraw, August 12, 2019
- Health Data Outside HIPAA: Will the Protecting Personal Health Data Act Tame the Wild West?; By Deven McGraw and Vince Kuraitis, August 19, 2019
- Patient Controlled Health Data: Balancing Regulated Protections with Patient Autonomy; By Kenneth Mandl, Dan Gottlieb, and Joshua Mandel, September 3, 2019
- Thinking ‘oat’ of the box: Technology to resolve the ‘Goldilocks Data Dilemma’; By Robert C. Miller, Jr. and Marielle Gross, MD, MBE, September 9, 2019
- Why Should Anyone Care About Health Data Interoperability?; By Susannah Fox, September 19, 2019
- The Health Data Goldilocks Dilemma; a video interview of Vince Kuraitis & Deven McGraw by Jessica DaMassa, WTF Health; posted November 4, 2019
- Patient-Directed Uses vs. The Platform; by Adrian Gropper, MD, December 18, 2019
- Health Data Outside HIPAA: Simply Extending HIPAA Would Be a #FAIL; by Deven McGraw and Vince Kuraitis, January 20, 2010
- Healthcare in the National Privacy Law Debate; by Kirk Nahra — Coming Soon
- The Privacy Inflection Point: Privacy Protection Gets Real; by Vince Kuraitis and Deven McGraw — Coming Soon
- The Privacy Inflection Point: Implications; by Vince Kuraitis and Deven McGraw — Coming Soon
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License. Feel free to republish this post with attribution.