Updating Healthcare Data Management and Privacy

By Nick van Terheyden aka Dr Nick, Principal, ECG Management Consulting
Twitter: @drnic1
Host of Healthcare Upside Down#HCupsidedown

When we talk about healthcare data and protecting it, almost everyone is aware of HIPAA. You can’t interact with any healthcare organization in any way without having that term thrust upon you on forms you must sign—forms that are dense and full of legalese, making them hard to comprehend and certainly not something that’s top of mind for any patient as they navigate what may be a stressful time in their lives.

So what does HIPAA mean and where did it come from? The letters stand for the Health Insurance Portability and Accountability Act of 1996. The term originated with the federal law of the same name, which created a national standard to protect sensitive patient health information from being disclosed without a patient’s knowledge or consent.

Episode NOW on Demand

Ironically, while HIPAA was meant to protect patients, it’s often had the unintended consequence of preventing them from gaining access to their own health data. To get a sense of how long this has been going on, I carried and sometimes still have to use a memo, issued on September 13, 2013, by Leon Rodriguez, then the Director of the Office of Civil Rights, that detailed my rights to see and obtain a copy of my medical records. It’s proved effective in overcoming resistance to sharing my records, but not before I had been challenged with multiple instances of “I can’t share that, it would be a HIPAA violation.”

Thankfully things are improving, as we have covered in prior shows on information blocking, but the balance between security and privacy is an ongoing challenge.

Rita Bowen is likely one of very few people who can say she provided comment to HHS on both the original version of HIPAA and its most recent proposed changes. She joins me on this episode to talk about getting HIPAA can function the way it was intended despite a world that has changed dramatically since its inception.

Origin and evolution of HIPAA.

“HIPAA started from the perspective of needing to increase the privacy of health information, since we were moving toward electronic health information when it was released in 1996. But HIPAA hasn’t been really updated since its inception, except for in 2013, when they came out with the Omnibus Rule, which enhanced some things. But most recently, with Biden coming into office in January 2021, they did release a Notice of Proposed Rulemaking with new language to modernize HIPAA. I have taken the time to respond to that, and it’s still not right. There are things that HIPAA does well, and then there are things that definitely need to be enhanced in [the way it’s] currently written.”

Why HIPAA needs an overhaul.

“PHI is an acronym for personal health information or protected health information. We often now say ePHI, because it’s electronic personal health information that’s protected. HIPAA started with a hybrid formation of a record in just the infancy of electronic, and as we have progressed, the whole delivery of healthcare is different. How we receive care, how our caregivers and clinicians work with health information is totally different. And that’s one reason HIPAA needs a facelift.”

On interoperability.

“When the Notice of Proposed Rulemaking was released, I was very excited to see how they tried to modernize [HIPAA]. And they didn’t. What they did is make it more clunky, because now there are things in this Notice of Proposed Rulemaking that actually conflict with interoperability. And in my response back to HHS, I explained that you need to allow interoperability to come to full fruition. And if you do, you don’t need to modernize HIPAA, because it works from a standpoint of data protection for those who are authorized to access that information. Interoperability is going to force the release for those that have a need to know. We should be focusing on information flow for the right reasons—to improve population health—and try to negate bad actors.”

About the Show
The US spends more on healthcare per capita than any other country on the planet. So why don’t we have superior outcomes? Why haven’t the principles of capitalism prevailed? And why do American consumers have so much trouble accessing and paying for healthcare? Dive into these and other issues on Healthcare Upside/Down with ECG principal Dr. Nick van Terheyden and guest panelists as they discuss the upsides and downsides of healthcare in the US, and how to make the system work for everyone.

This article was originally published on the ECG Management Consulting blog and is republished here with permission.