Mary Butler, associate editor of the Journal of AHIMA, investigated whether HIPAA needs an update for the 21st century in a recent article for the American Health Information Management Association's publication.
Here are four things to know.
1. HIPAA is frequently misunderstood by both patients and providers, according to Ms. Butler. Although it is often considered a healthcare privacy law, HIPAA — or the Health Insurance Portability and Accountability Act of 1996 — was created to help healthcare providers transmit claims to health plans. The law contains privacy and security requirements to ensure safe electronic information sharing, however these are not the original focus of the legislation.
2. Since HIPAA is not a complete healthcare privacy law, state governments often step in to provide more stringent local security legislation. Within a healthcare organization, the privacy officer must be familiar with both. To address this issue, some healthcare industry experts suggest replacing HIPAA with an overarching national privacy and security law. However, others appreciate how stricter laws at the state level sometimes push HIPAA to update its protections.
3. Another gap in healthcare privacy laws involve recent health IT innovations. Since HIPAA was first enacted before the widespread use of Fitbits, EHRs, telehealth and wearables, many feel as if technology has outpaced the legislation in its current form. Again, the question many healthcare stakeholders ask is whether HIPAA should be updated to reflect these changes, or if legislators should be focused on creating new privacy laws.
4. Another major concern is whether emphasizing privacy through HIPAA has had unintended consequences to patient access. Increasingly, patients are asking to see electronic copies of their health information, but providers are worried doing so will unintentionally lead to a HIPAA violation.
"We've done a really excellent job of raising the awareness of the importance of privacy among healthcare professionals and office managers, a really excellent job. But in this particular case, we maybe overcorrected," Lucia Savage, JD, former chief privacy officer at ONC, told Journal of AHIMA. "We need to swing the pendulum back a little bit."
Click here to view the full article.