[ Thursday, July 19, 2007 ]
Had Enough HIPAA? How about some HIPSA?
Senators Leahy and Kennedy have introduced new legislation
to revise HIPAA, limit most uses or disclosures without prior authorization, require practices to allow patients to opt out of EMRs, and require notification of patients in cases of data breaches. There's also a new private cause of action where patients can sue for breaches of HIPSA. I haven't read the bill yet, but I suspect these are pretty stupid ideas. I know some of them are.
Why haven't I read the bill yet? I don't want to waste my time if this doesn't go anywhere. This is certainly a manufactured issue, as is obvious by the orchestrated kabuki theatre of public hearings and press conferences
. Are there no problems with improper access to medical information? No, there are, but they aren't from offshore transcription services (if Sandip in Bangalore knows you take Paxil, so what?) or from evil drug companies data-mining your medical records. They're from low-level employees
either engaging in the electronic version of water-cooler gossip (which they probably did at least as much in the age of paper records, and probably do less now that there's a greater emphasis on privacy and -- with electronic records -- the greater likelihood of getting caught) or stealing
(the modern way: identity theft).
Jeff [9:52 AM]
Blogger: HIPAA Blog - Edit your Template