As healthcare reform forges on, some players in the healthcare industry have voiced concerns that other key pillars in the field, such as HIPAA, are becoming outdated, according to a report in The Morning Consult.
"Representatives from a broad swath of the health economy — providers, insurers, and health IT professionals — say the same resources haven't been leveraged to update existing regulations or inform the healthcare community about how old rules apply in the new world," according to the report. "They worry that they're increasingly navigating a regulatory minefield with an out-of-date map."
Many providers don't believe HIPAA needs to undergo a major reconstruction, according to the report. Instead, they request clarity, oversight and further education for all members in the healthcare industry.
Here are 4 shortcomings or outdated elements of HIPAA that should address the current landscape of the industry.
1. Paul Misener, vice president for global public policy at Amazon, said at a House Energy & Commerce Committee hearing that elements of HIPAA are preventing Amazon from entering the health IT sector, such as the possibility of delivering biomedical treatments. Mr. Misener suggested Congress and HHS work to modernize HIPAA to allow healthcare providers the tools of cloud computing while still maintaining patient privacy and safeguarded protected health information, according to the report.
2. The definition of an "entity" is becoming a roadblock in the industry grappling with HIPAA. According to HIPAA, physicians in one entity can share patient health information with one another, but entity is understood to mean one hospital or health system. However, with the proliferation of accountable care organizations and the encouragement for providers to work together across systems and across the healthcare continuum, providers are less sure about the boundaries of the law.
3. In terms of data breaches, HIPAA penalizes providers based on the volume of potentially compromised data. When HIPAA was enacted in 1996, "it was passed at a time when doctors were unlikely to be carrying around thousands of files," according to the report. "In today's world, a doctor could have exponentially more sensitive information on a laptop or even a phone, so providers would like to see a new way of assessing penalties that moves away from a volume-based system."
4. Telehealth raises the question of encryption and third parties. The report questions the use of Skype as a platform for video consultations. While Skype is not a secure network and does not have to comply with HIPAA, the physician is then held responsible if the consultation is breached, even if their data and communications is encrypted, according to the report.
More articles on HIPAA:
Are hospitals misusing HIPAA?
6 overlooked HIPAA practices to implement now
Patient data compromised after computer theft at Bay Area Pain Medical Associates