HIPAA Health Insurance Portability and Accountability
With the recent announcement that the 21st Century Cure Bill had passed it first congressional hurdle has left many health-care providers scratching their heads, wondering is this a good thing??
The scope of the bill seems to be to advance the impact and success of medical innovation, the methodology would be to collect, compare and analyze patients protected health data supporting HIPAA compliance.
So the question is, how are they going to collect this data? Are we expected to collect/send MORE data when treating, ask more questions?!? How does the patient consent? And more importantly how do we stay compliant and protect our data??!
Well, according to the Bill the data would be used by researchers, they would have remote access to the PHI collected, from which point they can begin to analyze and compare data, hopefully leading to the discovery, development and delivery of new drugs and treatments. Without patient consent.
Yes, you read that right, without patient consent, these proposals will effectively loosen HIPAA regulations in terms of storing PHI, however it would strengthen the level of responsibility for EHR vendors and Health IT systems. In the same vein, within the Bill is a measure that provides for penalties for Healthcare entities that “inappropriately” block the sharing of information!
What seems to be the upside to this proposal then as a qualified experienced healthcare provider? The Bill would appear to provide payments to those who exchange or disclose PHI for research purposes, although the amount has not been specified nor have the submission parameters, leaving everybody unclear and unsure as to how to prepare for this change and staying HIPAA compliant.
With the huge fine given to Anchorage Community Health Services ($150,000!!!!) for HIPAA violations due to malware infections, the one thing that is certain. Many will be weary and will not rush into any new changes without clarification.