Healthcare privacy regulations in the United States must be updated to ensure individually identifiable health information is protected regardless of how it is collected and shared. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is now more than 2 decades old. The Department of Health and Human Services (HHS) has proposed revisions to the HIPAA Privacy Rule that are due to be completed this year, but even if the proposed revisions are signed into law, there will still be regulatory gaps that expose health data to threats.
The use of technology for healthcare and health data has expanded in ways that could not have been foreseen when the Privacy Rule was approved. Health information is now being collected by health applications and other technologies, and individuals’ sensitive health data is being shared with and purchased by technology firms. The HIPAA Privacy and Security Rules introduced standards to protect the privacy and security of health information; however, HIPAA applies only to HIPAA-covered entities – medical care providers, health plans, and healthcare clearinghouses – and their business associates. A few of the emerging technologies currently being used to record, store, and transmit health data are not covered by HIPAA, so its protections and security measures do not apply. In addition, the proposed revisions to the HIPAA Privacy Rule will make it simpler for individuals to get access to their health information and to direct covered entities to send that information to unregulated personal health apps.
New bipartisan legislation has been introduced that seeks to begin the process of finding and closing the current privacy gaps related to emerging technologies to ensure health data is better safeguarded, including health information that is not currently protected by HIPAA. The Health Data Use and Privacy Commission Act was introduced by Sens. Bill Cassidy (R-LA) and Tammy Baldwin (D-WI) and seeks to create a new commission that will be tasked with analyzing existing federal and state rules covering health data privacy and making proposals for enhancements to cover the current technology landscape.
The possibilities of new technology to better patient care appear endless. However, Americans should trust that their personal health data is secured if this technology can satisfy its full potential, stated Dr. Cassidy. It is important to update HIPAA for the modern day. This law begins this process on a pathway to ensure it is done correctly.
The Comptroller General is tasked with appointing commission members, who must submit their report, conclusions, and suggestions to Congress and the President within 6 months. The commission needs to evaluate existing privacy regulations and determine their effectiveness and limitations, any possible threats to individual health privacy and to legitimate business and policy interests, and the purposes for which the sharing of health information is appropriate and beneficial to consumers.
The commission must report on whether additional federal laws are required and, if current privacy rules must be updated, offer recommendations on the best means to reform, streamline, balance, unify, or supplement existing laws and regulations associated with personal health privacy. Those suggestions could entail changes to HIPAA to cover a wider selection of entities, or new state or federal regulations covering health data. If updates are proposed, the commission needs to give particulars of the probable costs, burdens, and likely unintended consequences, and state whether there is a danger to health outcomes if privacy guidelines are too strict.
The Health Data Use and Privacy Commission Act has drawn support from a number of medical associations and technology providers, such as the College of Cardiology, Federation of American Hospitals, National Multiple Sclerosis Society, Epic Systems, Association of Clinical Research Organizations, and IBM.