[ Tuesday, December 30, 2003 ]
Here's another interesting end-of-year assessment
of HIPAA, this time from the American Medical Association's newssite. As you can see from article, you've got Janlori Goldman saying the rules are easy, then saying it's absolutely prohibited to give PHI to employers: that's not exactly true. Although there are many restrictions, there are several instances where employers can get protected health information (for example, limited information that is used to shop for insurance). The rules are easy, but even Janlori gets them not quite right.
Then you've got Bill Braithwaite saying use just need to be reasonable, countered by the Seacrest guy saying someone's gonna get hit with a multimillion dollar lawsuit. For some practices, it would be reasonable just to have an employee training session; for example, if the practice already had records locked away and a good culture of security and privacy, a "reminder" session with employees might be all that's needed. But the article indicates that would not be sufficient.
Can we take this as proof that HIPAA is confusing?
Jeff [10:07 AM]
Blogger: HIPAA Blog - Edit your Template