Stimulus bill sets new HIPAA rules, but will it make a difference?
As we report in today's issue, the HITECH section of the stimulus bill adds some new provisions to HIPAA and toughens others. And dutifully enough, HHS has issued a list of deadlines by which it will comply with key portions of the new law, as well as when it will issue regs that put the infrastructure in place to enforce the new rules.
Fine. Good. We're all happy to see consumer health data protected better. But as we've noted before, HIPAA enforcement has been extremely lax since the law went into effect in 2006. So what makes anyone think that adding new rules is going to change anything dramatically?
Consider this: As of late 2008, CMS had received a grand total of--brace yourself--200 HIPAA complaints since it began accepting them. And penalties have proved to be even rarer.
When you consider that there are more than 5,000 hospitals alone in the U.S., and that these are just one type of covered entity, you begin to get a sense of how seldom complaints get filed, much less investigated. Providers should be more afraid of being hit by lightning.
So, now we have HITECH, and well-intentioned efforts to expand the scope of HIPAA in ways that probably make sense. The thing is, given the state of enforcement, expanding HIPAA is all frosting and no cake. Sure, such rules may make the public more comfortable with the expansion of EMRs and the ultimate creation of a national health information network, but are consumers really any safer? Probably not.
For what it's worth, I believe that that the problem needs to be addressed at its source--the consumer. It would probably do a lot more good to promulgate rules demanding that consumers receive meaningful education on their HIPAA rights (not just a page full of dense language to sign).
That would include a plain-English discussion of key violations of their rights that could occur, what recourse they have and specific street addresses, phone numbers, email addresses and websites where they can go. To accomplish this, meanwhile, administrative staff members will have to get a better HIPAA education than they have to date, which mostly seems to involve telling consumers "sign here."
By all means, continue to ratchet up HIPAA protections for consumers. Clearly, strong protections for personal health information are needed, and closing loopholes is an excellent idea. But making changes in form, without adding substance, isn't doing anyone any good. - Anne
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site Map
| Editors | List in Marketplace | Supplier in MarketplaceTHE FIERCEMARKETS NETWORKFierceEnergy | FierceSmartGrid | FierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceHealthPayer | FiercePracticeManagement | FierceEMR | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceGovernment | FierceHomelandSecurity | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceMedicalDevices | FierceDrugDelivery | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceEnterpriseCommunications | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2011 FierceMarkets. All rights reserved. |
 |
