Hospital leaders: New HIPAA rule will be a challenge


While the newly unveiled HIPAA omnibus rule, announced Thursday afternoon by the U.S. Department of Health & Human Services represents a win for patient privacy protection, executing the new rules will present a multitude of challenges, according to several FierceHealthIT Editorial Advisory Board members.

Todd Richardson (right), vice president and CIO of Wausau, Wis.-based non-profit health system Aspirus, Inc., told FierceHealthIT that providers and vendors that use and create electronic health record systems already walk a tight balance between complying with HIPAA and meeting the requirements of the HITECH Act and Meaningful Use regulations.

"On one hand we have 'protect, protect, protect' and on the other hand we have 'share, share, share," Richardson said. "While the balance is 'protect and share,' the devil is always in the details. The reality is that all of the information is not under the tight control of the covered entity."

Richardson added that while all healthcare professionals understand the responsibility to protect patient information, as more systems come online with information, inevitably, there will be more opportunity for data breaches.

"I find a little bit of irony in the reality of today's new paradigm, where we have so many people posting so much personal information on Facebook and tweeting about their every move and their latest lab result, yet the government is pushing privacy requirements further," Richardson said.