Former ONC Federal Policy Director Addresses How To Close Privacy Gaps In HIPAA
By Christine Kern, contributing writer
Article says giving patients more control over their health information helps with privacy issues.
Giving patients more control over their health information could help with privacy considerations argues Jodi Daniel, former federal policy director at ONC, in a Bloomberg BNA opinion piece. Daniel and co-authors Elliot Golding and Jennifer Williams specifically were addressing how to close privacy gaps in HIPAA related to protecting health information ONC recently identified in a report.
The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 and is designed to protect the privacy and rights of patient records. But HIPAA distinguishes between covered entities — health plans, healthcare clearinghouses, and providers and their business associates — on one hand and non-covered entities, including mobile health technologies and health-related social media sites, on the other. The ONC report found most individuals remain confused on uninformed regarding when their health data is actually protected by HIPAA and when it is not.
While the authors believe HIPAA provides important protection for individuals, the rapid increase in consumer-facing health tools that do not fall under HIPAA guidelines “has reached a tipping point where such gaps can no longer be ignored.”
“The ONC report frames the privacy and security problems well and highlights many of the most critical deficiencies, but largely punts to the private sector to develop a solution," Daniel and colleagues wrote.
Among ways to improve privacy protection of the information generated by wearables and mobile health apps, the authors also suggested considering new technological capabilities for data protection. These technologies foster a “predictable business environment.” Viewing the ONC report as a call to action for the private sector to help close these gaps, the authors pose three important questions: Why are standards beneficial? What should the requirements be? How should data holders be held accountable for meeting said standards?
In response to the third question, Daniel and colleagues write a mechanism needs to be in place for accountability to the data holder. To this end, they suggest that the private sector could develop an accreditation program and the system could be used to demonstrate compliance.
Ultimately, the authors conclude, “This convening is an important next step and could reduce the gaps in protections and the resulting problems identified in ONC’s report.”