Healthcare privacy regulations in the U.S. need an update to usher them into the contemporary age to make certain individually identifiable health data is safeguarded irrespective of how it is gathered and shared. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is now over 20 years old, and although the Department of Health and Human Services (HHS) has recommended upgrades to the HIPAA Privacy Rule that will be finished this 2022, even though the planned HIPAA Privacy Rule modifications are approved, there will still be regulatory breaks that put health information at stake.
The usage of technology for healthcare and health information has developed in a manner that cannot be envisioned when the Privacy Rule was made into law. Health data is currently being compiled by health programs and other systems, and individuals’ sensitive health information is being disclosed with and bought by technology corporations. The HIPAA Privacy and Security Rules presented conditions to safeguard the privacy and security of health data, nevertheless, HIPAA is merely applicable to HIPAA-covered entities – medical care providers, healthcare clearinghouses, and health plans – as well as their business associates. A number of the surfacing technologies today being utilized to document, store, and transfer health information are not protected by HIPAA and its protections and safety measures are not applicable. Additionally, the suggested changes to the HIPAA Privacy Rule will make it less complicated for people to acquire access to their health data and tell covered entities to transmit that data to unregulated personal health programs.
There is new bipartisan legislation released recently that strives to commence the process of determining and closing the present privacy holes connected with surfacing technologies to ensure health information is better secured, such as health data that aren’t presently secured by HIPAA. The Health Data Use and Privacy Commission Act was introduced by Sens. Bill Cassidy (R-LA) and Tammy Baldwin (D-WI) and aspires to establish a new commission that is going to be assigned to analyze present federal and state rules covering health data privacy and make proposals for upgrades to include the present technology landscape.
The opportunity of new technology to enhance patient care looks boundless. Nevertheless, Americans need to have confidence that their personal health information is safeguarded when this technology can reach its 100 % potential, mentioned Dr. Cassidy. It is necessary to upgrade HIPAA for the contemporary day. This law commences this process on a path to be sure it is done properly.
The Comptroller General is assigned with recruiting committee members who need to send their report, findings, and suggestions to Congress and the President in six months. The commission must examine existing privacy regulations and find out their usefulness and limits, any possible risks to individual health privacy and genuine business and policy interests, and the uses for which the disclosing of health data is proper and helpful to individuals.
The commission must report on whether or not more federal laws are needed and, if present privacy rules should be updated, offer ideas on the best strategies to reform, improve, coordinate, unify, or complement existing laws and regulations pertaining to personal health privacy. That advice could include revisions to HIPAA to cover a larger array of entities or new state or federal regulations covering medical information. When updates are suggested, the commission needs to give specifics of the probable costs, burdens, and prospective accidental outcomes, and whether there’s a risk to health results if privacy regulations are too rigid.
The Health Data Use and Privacy Commission Act has attracted support from a couple of medical associations and technology companies, which include the College of Cardiology, National Multiple Sclerosis Society Federation Of American Hospitals, Epic Systems, IBM, and Association Of Clinical Research Organizations.